CVE-2023-43714

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 30, 2023

Updated: Oct 19, 2023

CWE ID 79

Summary

CVE-2023-43714 is a newly discovered Cross-Site Scripting (XSS) vulnerability affecting Os Commerce. This issue enables attackers to inject malicious JavaScript code into a webpage by manipulating the "SKIP_CART_PAGE_TITLE[1]" parameter. Successful exploitation could result in unauthorized execution of scripts within a user's web browser, potentially leading to data theft or other forms of unauthorized access. Users and administrators are strongly advised to apply the available patch or upgrade their Os Commerce installation to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

osCommerce

Affected Vendors

Oscommerce

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swGQSO
https://www.cve.org/CVERecord?id=CVE-2023-43714
https://nvd.nist.gov/vuln/detail/CVE-2023-43714

Back to Vulnerability Database