CVE-2023-43713

Name of the Vulnerable Software and Affected Versions Os Commerce (affected versions not specified)

Description The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript via the title parameter in the "/admin/admin-menu/add-submit" endpoint. This can lead to unauthorized execution of scripts in a user's web browser.

Recommendations As a temporary workaround, consider restricting access to the "/admin/admin-menu/add-submit" endpoint until a patch is available. Avoid using the title parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.