CVE-2023-43713

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 30, 2023

Updated: Oct 19, 2023

CWE ID 79

Summary

CVE-2023-43713 is a recently disclosed Cross-Site Scripting (XSS) vulnerability affecting Os Commerce. The vulnerability resides in the "/admin/admin-menu/add-submit" endpoint, where the "title" parameter is susceptible to malicious input. An attacker can inject JavaScript code through this weakness, resulting in unauthorized execution of scripts in a user's web browser. This can potentially lead to session hijacking, data theft, or other malicious activities. Os Commerce users are urged to apply the necessary patches or updates to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

osCommerce

Affected Vendors

Oscommerce

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swGWT4
https://www.cve.org/CVERecord?id=CVE-2023-43713
https://nvd.nist.gov/vuln/detail/CVE-2023-43713

Back to Vulnerability Database