Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050)
Magento Incorrect Authorization Vulnerability (CVE-2020-24401)
phpMyAdmin Resource Management Errors Vulnerability (CVE-2014-9218)
TYPO3 CVE-2013-7080 Vulnerability (CVE-2013-7080)
WordPress Plugin bbPress Members Only Cross-Site Request Forgery (1.2.1)