Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce BuddyPress Integration Unspecified Vulnerability (3.2.6.1)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.28)
Internet Information Services Other Vulnerability (CVE-1999-1544)
WordPress Improper Access Control Vulnerability (CVE-2015-5623)
WordPress Plugin Resize Image After Upload Cross-Site Request Forgery (1.8.5)