Description
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. Attackers can inject JavaScript through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-0464)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-18650)
WordPress Plugin WP SVG Icons Cross-Site Request Forgery (3.2.1)
WordPress Plugin AdSense Manager Cross-Site Scripting (4.0.3)
WordPress Plugin Featurific For WordPress 'snum' Parameter Cross-Site Scripting (1.6.2)