Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
                
            References
                    | Link | Resource | 
|---|---|
| https://fluidattacks.com/advisories/bts/ | Exploit Third Party Advisory | 
| https://www.oscommerce.com/ | Product | 
| https://fluidattacks.com/advisories/bts/ | Exploit Third Party Advisory | 
| https://www.oscommerce.com/ | Product | 
Configurations
                    History
                    No history.
Information
                Published : 2023-09-30 03:15
Updated : 2024-11-21 08:24
NVD link : CVE-2023-43710
Mitre link : CVE-2023-43710
CVE.ORG link : CVE-2023-43710
JSON object : View
Products Affected
                oscommerce
- oscommerce
CWE
                
                    
                        
                        CWE-79
                        
            Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
