Description

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "access_levels_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

Remediation

References

CVE-2023-43712

Related Vulnerabilities

Ramda Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-42581)

CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1931)

WordPress Plugin Simple URLs-Link Cloaking, Product Displays, and Affiliate Link Management Multiple Vulnerabilities (114)

WordPress Plugin Active Directory Integration SQL Injection (1.1.8)

WordPress Plugin Read and Understood Multiple Vulnerabilities (2.1)

Severity

Medium

Classification

CVE-2023-43712 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities