Lucene search

Fluid AttacksCVELIST:CVE-2023-43705

HistorySep 30, 2023 - 1:46 a.m.

CVE-2023-43705 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)

2023-09-3001:46:03

CWE-79

Fluid Attacks

www.cve.org

os commerce

cross-site scripting

vulnerability

injection

web browser

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.3%

JSON

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the “translation_value[1]” parameter,
potentially leading to unauthorized execution of scripts within a user’s web browser.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Os Commerce",
    "vendor": "Os Commerce",
    "versions": [
      {
        "status": "affected",
        "version": "4.12.56860"
      }
    ]
  }
]

References

fluidattacks.com/advisories/bts/

www.oscommerce.com/