Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows malicious users to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oscommerce oscommerce 4.12.56860 |