CVE-2020-22403

HIGH

express-cart < 1.1.17 - Cross-Site Request Forgery

Title source: llm

Description

Cross-Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add a discount code, or cause other unspecified impacts.

Scores

CVSS v3 8.8
EPSS 0.0057
EPSS Percentile 42.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
express-cart_project/express-cart < 1.1.10
npm/express-cart 0 - 1.1.17 (npm)
Published Aug 12, 2021
Tracked Since Feb 18, 2026