Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10673)
WebLogic CVE-2018-3197 Vulnerability (CVE-2018-3197)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (6.1.5)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7925)
WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.1.10)