CVE-2023-43713 Information

Description

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability which allows attackers to inject JS via the itle\ parameter in the /admin/admin-menu/add-submit\nendpoint which can lead to unauthorized execution of scripts in a user’s web browser.

Reference

https://fluidattacks.com/advisories/bts/ https://www.oscommerce.com/