Skip to main content

Configured Commerce

8 CVEs product

Monthly

CVE-2025-22387 HIGH This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Configured Commerce
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-22386 HIGH This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Configured Commerce
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-22385 MEDIUM This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Configured Commerce
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2025-22384 HIGH This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Configured Commerce
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-22383 MEDIUM Monitor

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Configured Commerce
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-56175 MEDIUM This Month

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Configured Commerce
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-56174 HIGH This Week

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Configured Commerce
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-56173 MEDIUM This Month

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Configured Commerce
NVD
CVSS 3.1
4.7
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Configured Commerce
NVD
EPSS 0% CVSS 7.3
HIGH This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Configured Commerce
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Configured Commerce
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Configured Commerce
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Configured Commerce
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Configured Commerce
NVD
EPSS 0% CVSS 8.1
HIGH This Week

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Configured Commerce
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Configured Commerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy