Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Limit Posts Automatically Cross-Site Request Forgery (0.7)
WordPress Plugin Appointment Booking Calendar CSV Injection (1.3.34)
WordPress Plugin Collision Testimonials 'admin.php' SQL Injection (3.0)
WordPress Plugin Couponer 'print-coupon.php' SQL Injection (1.2)
PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10211)