Sept. 30, 2023, 10:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.

attackers browser commerce cross-site cve inject parameter scripting scripts vulnerability web web browser xss

Director of the Air Force Cyber Technical Center of Excellence (CyTCoE)

@ Air Force Institute of Technology | Dayton, OH, USA

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Business Information Security Officer

@ PwC | Auckland - PwC Tower

CI/CD DevSecOps Developer (Remote)

@ NTT DATA | Halifax, NS, CA

Security Operations Engineer

@ Collectors | Santa Ana, California, United States

Security Engineer

@ Wizeline | Colombia