Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2024-38227 Vulnerability (CVE-2024-38227)
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10334)
WordPress Plugin Events Made Easy Multiple Vulnerabilities (1.5.49)
WordPress Plugin FileBird-WordPress Media Library Folders & File Manager Cross-Site Scripting (2.4)