Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Tornado Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-47287)
Joomla Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-10238)
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-22796)
WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Arbitrary File Upload (1.3.2)
TYPO3 Inadequate Encryption Strength Vulnerability (CVE-2010-3670)