Optimizely Cms

optimizely_cms

Vendor: Optimizely • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-22390 1Optimizely 1Optimizely Cms May 20, 2025 Jan 4, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits user...Show more An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking.Show less
CVE-2025-22389 1Optimizely 1Optimizely Cms May 20, 2025 Jan 4, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of poten...Show more An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.Show less
CVE-2025-22388 1Optimizely 1Optimizely Cms May 20, 2025 Jan 4, 2025 N/A· v4 5.7 MEDIUM· v3 N/A· v2 An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaSc...Show more An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.Show less
CVE-2023-31754 1Optimizely 1Optimizely Cms Nov 21, 2024 Nov 14, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel.