Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-2643 Vulnerability (CVE-2015-2643)
Oracle HTTP Server Other Vulnerability (CVE-2020-35164)
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4624)
WordPress Plugin WP User Groups Cross-Site Request Forgery (2.0.0)
Oracle Database Server CVE-2014-6546 Vulnerability (CVE-2014-6546)