CVE-2023-43706

Name of the Vulnerable Software and Affected Versions Os Commerce (affected versions not specified)

Description The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the email templates key parameter. This could potentially lead to unauthorized execution of scripts within a user's web browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the email templates key parameter to minimize the risk of exploitation. Avoid using the email templates key parameter in affected API endpoints until the issue is resolved.