CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-43713

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.8%

CVSS Severity

CVSS v3 Score 5.4

References

https://fluidattacks.com/advisories/bts/
https://www.oscommerce.com/
https://fluidattacks.com/advisories/bts/
https://www.oscommerce.com/

Products affected by CVE-2023-43713

Oscommerce » Oscommerce » Version: 4.12.56860

cpe:2.3:a:oscommerce:oscommerce:4.12.56860

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-43713

Products

Pricing

Contact Us