Avi3719

**Name of the Vulnerable Software and Affected Versions** express-cart versions 1.1.10 and earlier **Description** The issue allows Reflected XSS for an admin via a user input field for product options. It is noted that exploitation would rely on an admin hacking their own website. **Recommendations** For express-cart versions 1.1.10 and earlier, consider restricting access to user input fields for product options to minimize the risk of exploitation. As a temporary workaround, consider validating and sanitizing all user input to prevent XSS attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.