Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.26)
Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-5045)
WordPress Plugin Authenticator Denial of Service (1.3.0)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6024)