Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-2430 Vulnerability (CVE-2014-2430)
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-16993)
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)
Oracle Database Server CVE-2015-4900 Vulnerability (CVE-2015-4900)
WordPress Plugin Bulk Datetime Change Security Bypass (1.11)