Lucene search
Fluid AttacksCVELIST:CVE-2023-43720HistorySep 30, 2023 - 9:19 p.m.
CVE-2023-43720 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
2023-09-3021:19:54
CWE-79
Fluid Attacks
www.cve.org
2
os commerce
xss
vulnerability
cross-site scripting
unauthorized execution
web browser
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.0%
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the “BILLING_GENDER_TITLE[1]” parameter,
potentially leading to unauthorized execution of scripts within a user’s web browser.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Os Commerce",
"vendor": "Os Commerce",
"versions": [
{
"status": "affected",
"version": "4.12.56860"
}
]
}
]Related
prion
prion
Cross site scripting
2023-09-30 22:15:00
nvd
nvd
CVE-2023-43720
2023-09-30 22:15:10
cve
cve
CVE-2023-43720
2023-09-30 22:15:10
vulnrichment
vulnrichment
CVE-2023-43720 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
2023-09-30 21:19:54
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.0%
Related for CVELIST:CVE-2023-43720