Vulnerabilities > CVE-2023-43708 - Unspecified vulnerability in Oscommerce 4.12.56860

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

oscommerce

NVD

Published: 2023-09-30

Updated: 2024-11-21

Summary

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

Vulnerable Configurations

Part	Description	Count
Application	Oscommerce Oscommerce Oscommerce 4.12.56860	1

References

https://fluidattacks.com/advisories/bts/
https://fluidattacks.com/advisories/bts/
https://www.oscommerce.com/
https://www.oscommerce.com/