Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35480)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4421)
WordPress Plugin Social Share Icons & Social Share Buttons Cross-Site Scripting (3.0.5)
WordPress Plugin Stealth Login Page Unspecified Vulnerability (1.1.3)
Atlassian Jira Missing Authentication for Critical Function Vulnerability (CVE-2019-8449)