Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57757)
WordPress 4.2.2 Multiple Vulnerabilities (0.7 - 4.2.2)
WordPress Plugin Thank You Counter Button Cross-Site Scripting (1.8.2)
WordPress Plugin MP3-jPlayer Cross-Site Scripting (1.8.3)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)