Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin Xhanch-My Twitter Cross-Site Request Forgery (2.7.6)
WordPress Plugin Paid Business Listings Blind SQL Injection (1.0.2)
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2020-15098)
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3221)
WordPress Plugin Contact Form 7 Zendesk Cross-Site Scripting (1.0.7)