Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-5743)
WordPress Plugin Royal PrettyPhoto Cross-Site Scripting (1.2)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.21)
WordPress Plugin WP-Forum 'forum_feed.php' SQL Injection (1.7.8)
WordPress Plugin Job Board Vanila Cross-Site Scripting (1.0)