Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-9233)
Drupal Incorrect Default Permissions Vulnerability (CVE-2020-13667)
Drupal Core 8.x.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.8.12)
Oracle JRE CVE-2013-5843 Vulnerability (CVE-2013-5843)
WordPress Plugin Videox7 UGC 'listid' Parameter Cross-Site Scripting (2.5.3.2)