3 matches found
CVE-2025-22387
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking...
CVE-2025-22387
creationtimestamp| type| source ---|---|--- 2025-01-04 02:23:56+00:00| seen| https://infosec.exchange/users/cve/statuses/113767706077728976 2025-01-04 03:53:12+00:00| seen| https://t.me/cvedetector/14254...
CVE-2025-22387
Optimizely Configured Commerce before version 5.2.2408 is affected. A medium-severity issue exists in how session tokens are submitted via URL parameters, exposing authenticated session information and enabling potential session hijacking. Root cause: session token disclosure in URL requests. Aff...