Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. Attackers can inject JavaScript through the "tracking_number" parameter, which can lead to unauthorized script execution in a user's web browser.
Remediation
References