Lucene search
K

64 matches found

OSV
OSV
added 2025/01/04 2:15 a.m.4 views

CVE-2025-22384

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching...

7.5CVSS5.8AI score0.00407EPSS
Exploits0References1
NVD
NVD
added 2025/01/04 2:15 a.m.12 views

CVE-2025-22383

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific...

4.6CVSS0.00219EPSS
Exploits0References1
CVE
CVE
added 2025/01/04 12:0 a.m.78 views

CVE-2025-22387

Optimizely Configured Commerce before version 5.2.2408 is affected. A medium-severity issue exists in how session tokens are submitted via URL parameters, exposing authenticated session information and enabling potential session hijacking. Root cause: session token disclosure in URL requests. Aff...

7.5CVSS6.1AI score0.00366EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/04 12:0 a.m.28 views

CVE-2025-22387

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking...

0.00366EPSS
Exploits0References1
CVE
CVE
added 2025/01/04 12:0 a.m.82 views

CVE-2025-22386

Optimizely Configured Commerce (pre-5.2.2408) has a medium-severity session issue in the Commerce B2B storefront where session tokens tied to logged-out sessions may remain active. Affected software: Optimizely Configured Commerce prior to version 5.2.2408. Root cause and impact are described acr...

7.3CVSS6.5AI score0.00279EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.3 views

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a portfolio commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408, which stems from an email confirmation not being required for newly created accounts...

5.9CVSS6.6AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/04 12:0 a.m.7 views

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

6.8AI score0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.5 views

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a portfolio commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408 that originates from allowing visitors to send emails that may contain unfiltered HTML tags under certain circumstances...

4.6CVSS6.5AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/04 12:0 a.m.21 views

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.5 views

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408 that stems from allowing storefront visitors to purchase discontinued products...

7.5CVSS6.6AI score0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/04 12:0 a.m.8 views

CVE-2025-22383

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific...

4.6AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/04 12:0 a.m.4 views

PT-2025-4479 · Optimizely · Optimizely Configured Commerce

Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that...

4.6CVSS6.2AI score0.00219EPSS
Exploits0References7
CVE
CVE
added 2025/01/04 12:0 a.m.80 views

CVE-2025-22385

Optimizely Configured Commerce before 5.2.2408 contains an issue where the Commerce B2B application does not require email confirmation for newly created accounts, enabling mass account creation and potential impacts to database storage (and non-requested storefront accounts). Affected version ra...

5.9CVSS6.5AI score0.00308EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/04 12:0 a.m.6 views

CVE-2025-22386

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable...

6.8AI score0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.3 views

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408, which stems from the ability to disclose information about authenticated sessions...

7.5CVSS6.2AI score0.00366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/04 12:0 a.m.10 views

CVE-2025-22384

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching...

7.5AI score0.00407EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/04 12:0 a.m.5 views

PT-2025-4482 · Optimizely · Optimizely Configured Commerce

Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to...

7.3CVSS7.1AI score0.00279EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.4 views

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408, which stems from a vulnerability that allows session tokens bound to logged out sessions to remain active and available...

7.3CVSS6.6AI score0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/04 12:0 a.m.5 views

PT-2025-4480 · Optimizely · Optimizely Configured Commerce

Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific...

7.5CVSS7.2AI score0.00407EPSS
Exploits0References6
CVE
CVE
added 2025/01/04 12:0 a.m.66 views

CVE-2025-22383

CVE-2025-22383 affects Optimizely Configured Commerce prior to 5.2.2408. The issue is a medium-severity input validation flaw in the Commerce B2B Contact Us flow that could allow visitors to send emails containing unfiltered HTML markup in certain scenarios. Impact as stated is limited to this sc...

4.6CVSS6.3AI score0.00219EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder