← Back

Configured Commerce

configured_commerce

Vendor: Optimizely • 8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-22387
1Optimizely
1Configured Commerce
May 21, 2025
Jan 4, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about...Show more
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.Show less
CVE-2025-22386
1Optimizely
1Configured Commerce
May 20, 2025
Jan 4, 2025
N/A· v4
7.3 HIGH· v3
N/A· v2
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows...Show more
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable.Show less
CVE-2025-22385
1Optimizely
1Configured Commerce
May 20, 2025
Jan 4, 2025
N/A· v4
5.9 MEDIUM· v3
N/A· v2
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation...Show more
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.Show less
CVE-2025-22384
1Optimizely
1Configured Commerce
May 20, 2025
Jan 4, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinu...Show more
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server.Show less
CVE-2025-22383
1Optimizely
1Configured Commerce
May 20, 2025
Jan 4, 2025
N/A· v4
4.6 MEDIUM· v3
N/A· v2
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to...Show more
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.Show less
CVE-2024-56175
1Optimizely
1Configured Commerce
Jun 5, 2025
Dec 18, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names.
CVE-2024-56174
1Optimizely
1Configured Commerce
Jun 5, 2025
Dec 18, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.
CVE-2024-56173
1Optimizely
1Configured Commerce
Jun 5, 2025
Dec 18, 2024
N/A· v4
4.7 MEDIUM· v3
N/A· v2
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.