CVE-2025-22383

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific...

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

CVE-2024-56175

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names...

CVE-2024-56175

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names...

CVE-2024-56173

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document...

CVE-2024-56174

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history...

CVE-2024-56173

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document...

CVE-2024-56174

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history...

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408, which stems from the inclusion of a stored cross-site scripting vulnerability...

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408, which stems from the inclusion of a stored cross-site scripting vulnerability...

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408, which stems from the inclusion of a stored cross-site scripting vulnerability...

CVE-2024-56175

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names...

CVE-2024-56174

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history...

CVE-2024-56173

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document...

CVE-2024-56175

CVE-2024-56175 affects Optimizely Configured Commerce prior to 5.2.2408. The vulnerability arises from a client-side template injection in list item names, enabling stored XSS where malicious payloads can be stored and later executed in users’ browsers under specific conditions. Affected versions...

CVE-2024-56174

Optimizely Configured Commerce prior to 5.2.2408 is affected by a stored XSS due to client-side template injection in search history. The vulnerability arises from storing malicious payloads that may be executed in users’ browsers under certain conditions. Affected software: Optimizely Configured...

CVE-2024-56173

Optimizely Configured Commerce (before 5.2.2408) is affected by a stored XSS vulnerability: malicious payloads can be stored and later executed in users’ browsers via JavaScript in an SVG document under certain conditions. Root cause: XSS in SVG handling. Impact is browser-side compromise of affe...

CVE-2024-56175

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names...

CVE-2024-56173

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document...

CVE-2024-56174

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history...