117 matches found
Optimizely Configured Commerce Security Vulnerability
Optimizely Configured Commerce is a portfolio commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408, which stems from email confirmation not being required for newly created accounts...
CVE-2025-22385
Optimizely Configured Commerce before 5.2.2408 contains an issue where the Commerce B2B application does not require email confirmation for newly created accounts, enabling mass account creation and potential impacts to database storage (and non-requested storefront accounts). Affected version ra...
CVE-2025-22390
Optimizely EPiServer.CMS.Core prior to 12.32.0 contains a password-policy weakness where passwords as short as 6 characters may be set due to insufficient complexity enforcement. This vulnerability could enable offline cracking or password spraying in theory, given weak password requirements. Af...
CVE-2025-22386
Optimizely Configured Commerce (pre-5.2.2408) has a medium-severity session issue in the Commerce B2B storefront where session tokens tied to logged-out sessions may remain active. Affected software: Optimizely Configured Commerce prior to version 5.2.2408. Root cause and impact are described acr...
CVE-2025-22384
CVE-2025-22384 affects Optimizely Configured Commerce prior to version 5.2.2408. The issue is a medium-severity business‑logic flaw in the Commerce B2B application that can let storefront visitors purchase discontinued products when requests are manipulated before reaching the server. Impact is d...
CVE-2025-22387
Optimizely Configured Commerce before version 5.2.2408 is affected. A medium-severity issue exists in how session tokens are submitted via URL parameters, exposing authenticated session information and enabling potential session hijacking. Root cause: session token disclosure in URL requests. Aff...
CVE-2025-22383
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific...
CVE-2025-22384
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching...
PT-2025-4483 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session,...
PT-2025-4481 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: An issue was discovered in Optimizely Configured Commerce where the Commerce B2B application does not require email confirmation for newly created accounts. This allows th...
Optimizely EPiServer.CMS.Core Security Vulnerability
Optimizely EPiServer.CMS.Core is a content management system core from Optimizely. A security vulnerability exists in Optimizely EPiServer.CMS.Core versions prior to 12.22.0. An attacker can exploit this vulnerability to inject and execute arbitrary JavaScript code...
CVE-2025-22388
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or...
CVE-2025-22388
Optimizely EPiServer.CMS.Core prior to version 12.22.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the CMS, affecting areas such as content editing, link management, and file uploads. The issue allows an attacker to inject and execute arbitrary JavaScript, which could compromise...
PT-2025-4479 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that...
Optimizely EPiServer.CMS.Core Security Vulnerability
Optimizely EPiServer.CMS.Core is a content management system core from Optimizely, Inc. A security vulnerability exists in Optimizely EPiServer.CMS.Core versions prior to 12.32.0 that stems from not properly validating uploaded files...
CVE-2025-22385
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...
CVE-2025-22389
CVE-2025-22389 affects Optimizely EPiServer.CMS.Core (prior to 12.32.0). The root cause is improper validation of uploaded files, allowing potentially malicious file types (e.g., .docm, .html) to be uploaded and accessed by application users, enabling malicious actions or system compromise. Docum...
Optimizely Configured Commerce Security Vulnerability
Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408, which stems from a vulnerability that allows session tokens bound to logged-out sessions to remain active and available...
CVE-2025-22386
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable...
PT-2025-4480 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific...