CVSS 3.1 Score 5.4 of 10 (medium)


Published Sep 30, 2023
Updated: Oct 19, 2023


CVE-2023-43706 is a Cross-Site Scripting (XSS) vulnerability affecting Os Commerce. The vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. The affected product is Os Commerce and the recommended remediation is to update to the latest version to patch the vulnerability. This vulnerability poses a medium risk with a base severity of 5.4, requiring low privileges and user interaction, and exploiting it requires network access. The impact score is 2.7, with low integrity and confidentiality impact, and no availability impact.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-43706 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options