CVE-2025-22385
Optimizely Configured Commerce before 5.2.2408 contains an issue where the Commerce B2B application does not require email confirmation for newly created accounts, enabling mass account creation and potential impacts to database storage (and non-requested storefront accounts). Affected version ra...
CVE-2025-22386
Optimizely Configured Commerce (pre-5.2.2408) has a medium-severity session issue in the Commerce B2B storefront where session tokens tied to logged-out sessions may remain active. Affected software: Optimizely Configured Commerce prior to version 5.2.2408. Root cause and impact are described acr...
CVE-2025-22387
Optimizely Configured Commerce before version 5.2.2408 is affected. A medium-severity issue exists in how session tokens are submitted via URL parameters, exposing authenticated session information and enabling potential session hijacking. Root cause: session token disclosure in URL requests. Aff...
CVE-2025-22384
CVE-2025-22384 affects Optimizely Configured Commerce prior to version 5.2.2408. The issue is a medium-severity business‑logic flaw in the Commerce B2B application that can let storefront visitors purchase discontinued products when requests are manipulated before reaching the server. Impact is d...
CVE-2025-22383
CVE-2025-22383 affects Optimizely Configured Commerce prior to 5.2.2408. The issue is a medium-severity input validation flaw in the Commerce B2B Contact Us flow that could allow visitors to send emails containing unfiltered HTML markup in certain scenarios. Impact as stated is limited to this sc...
CVE-2024-56175
CVE-2024-56175 affects Optimizely Configured Commerce prior to 5.2.2408. The vulnerability arises from a client-side template injection in list item names, enabling stored XSS where malicious payloads can be stored and later executed in users’ browsers under specific conditions. Affected versions...
CVE-2024-56173
Optimizely Configured Commerce (before 5.2.2408) is affected by a stored XSS vulnerability: malicious payloads can be stored and later executed in users’ browsers via JavaScript in an SVG document under certain conditions. Root cause: XSS in SVG handling. Impact is browser-side compromise of affe...
CVE-2024-56174
Optimizely Configured Commerce prior to 5.2.2408 is affected by a stored XSS due to client-side template injection in search history. The vulnerability arises from storing malicious payloads that may be executed in users’ browsers under certain conditions. Affected software: Optimizely Configured...