Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5610)
WordPress Plugin Daily Inspiration Generator Open Redirect (2.0)
WordPress Plugin Form Builder CP Cross-Site Scripting (1.2.31)
Oracle Database Server CVE-2014-6514 Vulnerability (CVE-2014-6514)
Apache read beyond bounds in mod_isapi Vulnerability (CVE-2022-28330)