64 matches found
CVE-2024-56173
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document...
CVE-2024-56174
Optimizely Configured Commerce prior to 5.2.2408 is affected by a stored XSS due to client-side template injection in search history. The vulnerability arises from storing malicious payloads that may be executed in users’ browsers under certain conditions. Affected software: Optimizely Configured...
CVE-2024-56173
Optimizely Configured Commerce (before 5.2.2408) is affected by a stored XSS vulnerability: malicious payloads can be stored and later executed in users’ browsers via JavaScript in an SVG document under certain conditions. Root cause: XSS in SVG handling. Impact is browser-side compromise of affe...
CVE-2024-56175
CVE-2024-56175 affects Optimizely Configured Commerce prior to 5.2.2408. The vulnerability arises from a client-side template injection in list item names, enabling stored XSS where malicious payloads can be stored and later executed in users’ browsers under specific conditions. Affected versions...