Description
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Remediation
References
Related Vulnerabilities
Apache 2.x version older than 2.0.43
Ruby Resource Management Errors Vulnerability (CVE-2014-6438)
Squid Integer Overflow or Wraparound Vulnerability (CVE-2021-31807)
WordPress Plugin SS Downloads Multiple Cross-Site Scripting Vulnerabilities (1.4.4.1)
WordPress Plugin Audio Player Cross-Site Scripting (2.0.4.5)