CVE-2020-22403

Name of the Vulnerable Software and Affected Versions Express cart versions 1.1.10 and earlier Express cart version 1.1.16

Description A Cross Site Request Forgery (CSRF) issue allows attackers to add an administrator account, add a discount code, or have other unspecified impacts. This issue affects the express-cart package for Node.js.

Recommendations For Express cart versions 1.1.10 and earlier, update to a version later than 1.1.10 to resolve the issue. For Express cart version 1.1.16, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests until a patch is available.