Sept. 30, 2023, 10:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.

attackers browser commerce cross-site cve inject parameter scripting scripts vulnerability web web browser xss

Deputy Chief Information Security Officer

@ United States Holocaust Memorial Museum | Washington, DC

Humbly Confident Security Lead

@ YNAB | Remote

Information Technology Specialist II: Information Security Engineer

@ WBCP, Inc. | Pasadena, CA.

Director of the Air Force Cyber Technical Center of Excellence (CyTCoE)

@ Air Force Institute of Technology | Dayton, OH, USA

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Embedded Security Analyst

@ Sibylline Ltd | Mountain View, California, United States