optimizely configured_commerce CVE 漏洞(8)

CVE 数: 8 CPE versions: View versions table

摘要

本页列出影响 optimizely configured_commerce 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。

显示 188 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2025-22387 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking. [email protected] 7.5 0.38% 2025-01-03 2026-06-17
CVE-2025-22386 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable. [email protected] 7.3 0.27% 2025-01-03 2026-06-17
CVE-2025-22385 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors. [email protected] 5.9 0.30% 2025-01-03 2026-06-17
CVE-2025-22384 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server. [email protected] 7.5 0.37% 2025-01-03 2026-06-17
CVE-2025-22383 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios. [email protected] 4.6 0.21% 2025-01-03 2026-06-17
CVE-2024-56175 In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names. [email protected] 6.1 0.22% 2024-12-18 2026-06-17
CVE-2024-56174 In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history. [email protected] 8.1 0.36% 2024-12-18 2026-06-17
CVE-2024-56173 In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document. [email protected] 4.7 0.26% 2024-12-18 2026-06-17
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence