Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Share Buttons Adder Cross-Site Scripting (5.6)
WordPress Plugin Customify-Intuitive Website Styling Cross-Site Request Forgery (2.10.4)
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2022-2053)
Drupal Core 7.x Remote Code Execution (7.0 - 7.57)
Oracle Database Server CVE-2009-3414 Vulnerability (CVE-2009-3414)