CVE-2023-43705

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 30, 2023

Updated: Oct 19, 2023

CWE ID 79

Summary

CVE-2023-43705 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting the Os Commerce platform. Malicious actors can exploit this flaw by injecting JavaScript code into the "translation_value[1]" parameter, potentially gaining unauthorized access to user browsers. This issue could allow attackers to steal sensitive data, manipulate web pages, or install malware on unsuspecting users' devices. The Os Commerce community is advised to apply patches or updates as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

osCommerce

Affected Vendors

Oscommerce

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swGap3
https://www.cve.org/CVERecord?id=CVE-2023-43705
https://nvd.nist.gov/vuln/detail/CVE-2023-43705

Back to Vulnerability Database