Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
EspoCRM Relative Path Traversal Vulnerability (CVE-2026-33733)
MediaWiki Resource Management Errors Vulnerability (CVE-2015-6733)
WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)
Drupal Improper Input Validation Vulnerability (CVE-2012-1589)
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.38)