Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-9233)
Oracle JRE CVE-2019-2973 Vulnerability (CVE-2019-2973)
WordPress Plugin WP Advanced Importer Cross-Site Scripting (2.1.1)
Oracle JRE CVE-2020-2830 Vulnerability (CVE-2020-2830)
Play Framework Improper Input Validation Vulnerability (CVE-2015-2156)