Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin Lazy content Slider Cross-Site Request Forgery (3.4)
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-36396)
Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.13)
WordPress 3.9.x Denial of Service Vulnerability (3.9 - 3.9.23)