Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin Super Simple Custom CSS Cross-Site Scripting (1.2)
WordPress Plugin Divi Builder Arbitrary File Upload (4.5.2)
WordPress Plugin 3D Banner Rotator 'upload.php' Arbitrary File Upload (2.1)
WordPress Plugin Email Users Cross-Site Scripting (4.8.2)
WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)