Lucene search

K
cve[email protected]CVE-2023-43726
HistorySep 30, 2023 - 10:15 p.m.

CVE-2023-43726

2023-09-3022:15:10
CWE-79
web.nvd.nist.gov
18
os commerce
xss
cve-2023-43726
nvd
information security

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.3%

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the β€œorders_products_status_manual_name_long[1]” parameter,
potentially leading to unauthorized execution of scripts within a user’s web browser.

Affected configurations

NVD
Node
oscommerceoscommerceMatch4.12.56860

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Os Commerce",
    "vendor": "Os Commerce",
    "versions": [
      {
        "status": "affected",
        "version": "4.12.56860"
      }
    ]
  }
]

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.3%

Related for CVE-2023-43726