npm

Severity: low

Cross-Site Scripting

express-cart

Overview

All versions of harp are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages.

Remediation

No fix is currently available. Consider using an alternative module until a fix is made available.
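Because the injected value is stored as a product option and later rendered in the admin page, the standard defence for this class of bug is to HTML-encode each stored field at the point of output. The sketch below is an added example, not express-cart's code: the record shape (`name`, `label`, `values`), the render functions, and the sample record are all hypothetical.

```javascript
// Added example: hypothetical admin-page renderer, not express-cart code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: stored option fields are concatenated into markup as-is,
// so markup saved in an option becomes live markup in the admin page.
function renderOptionUnsafe(option) {
  return `<li data-name="${option.name}">${option.label}: ${option.values.join(', ')}</li>`;
}

// After: every stored field is encoded where it is written into HTML,
// in both attribute and element-content positions.
function renderOptionSafe(option) {
  const values = option.values.map(escapeHtml).join(', ');
  return `<li data-name="${escapeHtml(option.name)}">${escapeHtml(option.label)}: ${values}</li>`;
}

// Constructed sample record standing in for a saved product option.
const sampleOption = {
  name: 'size" onmouseover="alert(1)',
  label: '<img src=x onerror=alert(1)>',
  values: ['S', 'M', '<b>L</b>'],
};

console.log('unsafe:', renderOptionUnsafe(sampleOption));
console.log('safe:  ', renderOptionSafe(sampleOption));
```

Encoding at output, rather than only filtering at input, also covers option values that were saved before any input validation was introduced.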

Advisory timeline

  1. published: Advisory Published, Apr 9th, 2019
  2. reported: Reported by Avinash Hanwate, Apr 9th, 2019