CVE-2025-22388

Medium CVSS: 5.7

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.

Vendor

Optimizely

Product

Optimizely Cms

CWE

CWE-79

Yayın Tarihi

2025-01-04 02:15:07

Güncelleme

2025-05-20 20:11:04

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Optimizely Cms MEDIUM Optimizely 2025

Referanslar

https://support.optimizely.com/hc/en-us/articles/33182047260557-Content-Management-System-CMS-Security-Advisory-CMS-2025-01

Benzer Kayıtlar

Medium

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B…

High

CVE-2025-22386

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the…

High

CVE-2025-22387

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests fo…

High

CVE-2025-22389

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the C…

High

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the C…

Medium

CVE-2025-22383

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exis…