Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2021-2109 Vulnerability (CVE-2021-2109)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9407)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7929)
WordPress Plugin Helpful Information Disclosure (4.5.25)
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-15929)