CVE-2021-32573

Name of the Vulnerable Software and Affected Versions express-cart versions 1.1.10 and earlier

Description The issue allows Reflected XSS for an admin via a user input field for product options. It is noted that exploitation would rely on an admin hacking their own website.

Recommendations For express-cart versions 1.1.10 and earlier, consider restricting access to user input fields for product options to minimize the risk of exploitation. As a temporary workaround, consider validating and sanitizing all user input to prevent XSS attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.