Description

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

Remediation

References

CVE-2023-43702

Related Vulnerabilities

ownCloud Other Vulnerability (CVE-2014-2054)

WordPress Plugin GDPR Cookie Compliance Security Bypass (4.0.2)

WordPress Plugin WordPress Download Manager Arbitrary File Upload (2.8.97)

PHP Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2024-4577)

WordPress Plugin Count per Day Multiple Cross-Site Scripting Vulnerabilities (3.5.4)

Severity

Medium

Classification

CVE-2023-43702 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities