Optimizely

Configured Commerce

8 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.39%
  • Published 04.01.2025 02:15:07
  • Last modified 20.05.2025 20:12:36

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affec...

  • EPSS 0.2%
  • Published 04.01.2025 02:15:07
  • Last modified 20.05.2025 20:12:18

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged...

  • EPSS 0.28%
  • Published 04.01.2025 02:15:07
  • Last modified 21.05.2025 17:05:51

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, whi...

  • EPSS 0.31%
  • Published 04.01.2025 02:15:06
  • Last modified 20.05.2025 20:27:47

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that coul...

  • EPSS 0.27%
  • Published 04.01.2025 02:15:06
  • Last modified 20.05.2025 20:27:35

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenar...

  • EPSS 0.5%
  • Published 18.12.2024 06:15:24
  • Last modified 05.06.2025 20:59:27

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names.

  • EPSS 0.45%
  • Published 18.12.2024 06:15:23
  • Last modified 05.06.2025 20:58:21

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.

  • EPSS 0.57%
  • Published 18.12.2024 06:15:23
  • Last modified 05.06.2025 20:59:17

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.