Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2012-0547 Vulnerability (CVE-2012-0547)
WordPress Plugin WP Security Safe Cross-Site Request Forgery (2.2.2)
Oracle JRE Incorrect Conversion between Numeric Types Vulnerability (CVE-2022-34169)
Liferay Portal Session Fixation Vulnerability (CVE-2023-47798)
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-4048)