EPSS Percentile: 22.7%
oro/commerce is vulnerable to cross-site scripting (XSS). The vulnerability is due to a lack of sanitization in the shipping rule edit page, which allows an attacker to inject and execute arbitrary JavaScript.
github.com/oroinc/orocommerce/commit/8331fcecc7465b62d9846ccfd71d252dad536b5a
github.com/oroinc/orocommerce/commit/cf17c71c6318d604fdac2d10232eb7087eb95c91
github.com/oroinc/orocommerce/security/advisories/GHSA-4vf4-955g-vxp2