Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH Desktop Notifications for WooCommerce Security Bypass (1.2.7)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17267)
MySQL CVE-2020-14725 Vulnerability (CVE-2020-14725)
WordPress Plugin WP Server Health Stats Malicious Code (1.7.6)
WordPress Plugin WP Fast Cache Multiple Vulnerabilities (1.4)