Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003)
Oracle Application Server CVE-2006-0290 Vulnerability (CVE-2006-0290)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5487)
WordPress Cryptographic Issues Vulnerability (CVE-2014-9037)
WordPress Plugin PowerPack for Beaver Builder Privilege Escalation (2.33.0)