Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-2417 Vulnerability (CVE-2013-2417)
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-17189)
WordPress Plugin Campaign URL Builder Cross-Site Request Forgery (1.5.0)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20415)
WordPress Plugin Mingle Forum SQL Injection and Security Bypass Vulnerabilities (1.0.26)