Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17267)
WebLogic CVE-2022-21257 Vulnerability (CVE-2022-21257)
Internet Information Services Other Vulnerability (CVE-2001-0004)
WordPress Plugin Launcher:Coming Soon & Maintenance Mode Cross-Site Scripting (1.0.10)
WordPress Plugin Student Result or Employee Database Security Bypass (1.6.3)