CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-43717

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://fluidattacks.com/advisories/bts/
https://www.oscommerce.com/
https://fluidattacks.com/advisories/bts/
https://www.oscommerce.com/

Products affected by CVE-2023-43717

Oscommerce » Oscommerce » Version: 4.12.56860

cpe:2.3:a:oscommerce:oscommerce:4.12.56860

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-43717

Products

Pricing

Contact Us