Sept. 30, 2023, 10:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.

attackers browser commerce cross-site cve inject parameter scripting scripts vulnerability web web browser xss

Deputy Chief Information Security Officer

@ United States Holocaust Memorial Museum | Washington, DC

Humbly Confident Security Lead

@ YNAB | Remote

Information Technology Specialist II: Information Security Engineer

@ WBCP, Inc. | Pasadena, CA.

Head of Incident Response

@ Halcyon | Remote

Consultant Sénior Cyber Sécurité H/F

@ Hifield | Lyon, France

Staff Application Security Engineer (AppSec) - Open to remote across ANZ

@ Canva | Sydney, Australia