Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29718)
WordPress Plugin Site Offline Or Coming Soon Or Maintenance Mode Security Bypass (1.5.2)
Oracle Database Server Other Vulnerability (CVE-2007-0277)
Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-14209)
WordPress Plugin CYSTEME Finder, the admin files explorer Cross-Site Request Forgery (1.4)