Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)
WebLogic CVE-2021-2397 Vulnerability (CVE-2021-2397)
Python Use After Free Vulnerability (CVE-2018-1000030)
WordPress Plugin Brute Force Login Protection Unspecified Vulnerability (1.5)
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (4.0.1)