Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin Dropdown and scrollable Text Cross-Site Scripting (2.0)
WordPress Plugin Genesis Simple Share Cross-Site Scripting (1.0.6)
WordPress Plugin LOGOSWARE SUITE Uploader Arbitrary File Upload (1.1.6)
Moodle 7PK - Security Features Vulnerability (CVE-2015-5331)
WordPress Plugin WP Live.php 's' Parameter Cross-Site Scripting (1.2.1)