Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Moodle Other Vulnerability (CVE-2010-1616)
WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Unspecified Vulnerability (1.53)
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.11)
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2021-43824)