Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
                
            References
                    | Link | Resource | 
|---|---|
| https://fluidattacks.com/advisories/bts/ | Exploit Third Party Advisory | 
| https://www.oscommerce.com/ | Product | 
| https://fluidattacks.com/advisories/bts/ | Exploit Third Party Advisory | 
| https://www.oscommerce.com/ | Product | 
Configurations
                    History
                    No history.
Information
                Published : 2023-09-30 22:15
Updated : 2024-11-21 08:24
NVD link : CVE-2023-43717
Mitre link : CVE-2023-43717
CVE.ORG link : CVE-2023-43717
JSON object : View
Products Affected
                oscommerce
- oscommerce
CWE
                
                    
                        
                        CWE-79
                        
            Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
