Security Vulnerabilities (XSS) CVSS score >= 7
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "admin_firstname" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "email_templates_key" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "title" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "tracking_number" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max Base Score | 8.8 |
Published | 2023-09-30 |
Updated | 2023-09-30 |
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured.
Max Base Score | 7.2 |
Published | 2023-09-28 |
Updated | 2023-09-28 |
EPSS | 0.05% |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions.
Max Base Score | 7.1 |
Published | 2023-09-25 |
Updated | 2023-09-26 |
EPSS | 0.05% |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions.
Max Base Score | 7.1 |
Published | 2023-09-25 |
Updated | 2023-09-25 |
EPSS | 0.05% |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions.
Max Base Score | 7.1 |
Published | 2023-09-25 |
Updated | 2023-09-26 |
EPSS | 0.05% |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions.
Max Base Score | 7.1 |
Published | 2023-09-25 |
Updated | 2023-09-26 |
EPSS | 0.05% |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions.
Max Base Score | 7.1 |
Published | 2023-09-25 |
Updated | 2023-09-26 |
EPSS | 0.05% |
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions.
Max Base Score | 7.1 |
Published | 2023-09-25 |
Updated | 2023-09-26 |
EPSS | 0.05% |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions.
Max Base Score | 7.1 |
Published | 2023-09-27 |
Updated | 2023-09-28 |
EPSS | 0.05% |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.
Max Base Score | 7.1 |
Published | 2023-09-29 |
Updated | 2023-09-30 |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions.
Max Base Score | 7.1 |
Published | 2023-09-29 |
Updated | 2023-09-29 |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.
Max Base Score | 7.1 |
Published | 2023-09-29 |
Updated | 2023-09-29 |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions.
Max Base Score | 7.1 |
Published | 2023-09-29 |
Updated | 2023-09-29 |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.
Max Base Score | 7.1 |
Published | 2023-09-27 |
Updated | 2023-09-28 |
EPSS | 0.05% |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions.
Max Base Score | 7.1 |
Published | 2023-09-27 |
Updated | 2023-09-28 |
EPSS | 0.05% |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose Pro theme <= 1.0.8 versions.
Max Base Score | 7.1 |
Published | 2023-09-27 |
Updated | 2023-09-28 |
EPSS | 0.05% |