Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3128)
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29458)
WordPress Plugin DukaPress SQL Injection (2.5.9)
WordPress Plugin Attachment File Icons (AF Icons) Cross-Site Request Forgery (1.3)