Description
osCommerce is susceptible to a Cross-Site Scripting (XSS) vulnerability. It allows attackers to inject JavaScript through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References