Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Input Validation Vulnerability (CVE-2014-0095)
WordPress Plugin BuddyPress Multiple Security Bypass Vulnerabilities (7.2.0)
WordPress Plugin Events Manager Pro CSV Injection (2.6.7.1)
WordPress Plugin Jssor Slider Arbitrary File Upload (1.3)
Oracle Application Server Other Vulnerability (CVE-2002-0843)