CVE-2023-43723: Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
First published: Sat Sep 30 2023(Updated: )
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Credit: help@fluidattacks.com help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oscommerce Oscommerce | =4.12.56860 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Os Commerce vulnerability?
The vulnerability ID for this Os Commerce vulnerability is CVE-2023-43723.
What is the severity of CVE-2023-43723?
The severity of CVE-2023-43723 is high with a severity value of 5.4.
How does this vulnerability affect Os Commerce?
This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter in Os Commerce, potentially leading to unauthorized execution of scripts within a user's web browser.
What is the affected software and version for CVE-2023-43723?
The affected software and version for CVE-2023-43723 is Oscommerce 4.12.56860.
How can I fix the CVE-2023-43723 vulnerability in Os Commerce?
To fix the CVE-2023-43723 vulnerability in Os Commerce, it is recommended to update to a version that has fixed this vulnerability or apply any available patches or fixes provided by Os Commerce.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/oscommerce
- canonical/oscommerce oscommerce
- version/oscommerce oscommerce/4.12.56860