64 matches found
CVE-2025-22384
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching...
CVE-2025-22383
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific...
CVE-2025-22387
Optimizely Configured Commerce before version 5.2.2408 is affected. A medium-severity issue exists in how session tokens are submitted via URL parameters, exposing authenticated session information and enabling potential session hijacking. Root cause: session token disclosure in URL requests. Aff...
CVE-2025-22387
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking...
CVE-2025-22386
Optimizely Configured Commerce (pre-5.2.2408) has a medium-severity session issue in the Commerce B2B storefront where session tokens tied to logged-out sessions may remain active. Affected software: Optimizely Configured Commerce prior to version 5.2.2408. Root cause and impact are described acr...
Optimizely Configured Commerce 安全漏洞
Optimizely Configured Commerce is a portfolio commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408, which stems from an email confirmation not being required for newly created accounts...
CVE-2025-22385
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...
Optimizely Configured Commerce 安全漏洞
Optimizely Configured Commerce is a portfolio commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408 that originates from allowing visitors to send emails that may contain unfiltered HTML tags under certain circumstances...
CVE-2025-22385
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...
Optimizely Configured Commerce 安全漏洞
Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408 that stems from allowing storefront visitors to purchase discontinued products...
CVE-2025-22383
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific...
PT-2025-4479 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that...
CVE-2025-22385
Optimizely Configured Commerce before 5.2.2408 contains an issue where the Commerce B2B application does not require email confirmation for newly created accounts, enabling mass account creation and potential impacts to database storage (and non-requested storefront accounts). Affected version ra...
CVE-2025-22386
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable...
Optimizely Configured Commerce 安全漏洞
Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408, which stems from the ability to disclose information about authenticated sessions...
CVE-2025-22384
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching...
PT-2025-4482 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to...
Optimizely Configured Commerce 安全漏洞
Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408, which stems from a vulnerability that allows session tokens bound to logged out sessions to remain active and available...
PT-2025-4480 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific...
CVE-2025-22383
CVE-2025-22383 affects Optimizely Configured Commerce prior to 5.2.2408. The issue is a medium-severity input validation flaw in the Commerce B2B Contact Us flow that could allow visitors to send emails containing unfiltered HTML markup in certain scenarios. Impact as stated is limited to this sc...