Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress 6.2.x Multiple Vulnerabilities (6.2 - 6.2.2)
Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9740)
WordPress Plugin WooCommerce Open Redirect (3.7.0)
Envoy Proxy Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-45806)
Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-19880)