Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Featured Post with thumbnail 'src' Parameter Cross-Site Scripting (3.0)
WordPress 4.6.x Cross-Site Request Forgery (4.6 - 4.6.13)
Oracle Application Server Other Vulnerability (CVE-2006-0552)
WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (7.3.4)