CVE-2025-22383

Published Jan 4, 2025

Last updated a month ago

CVSS medium 4.6

Overview

Description
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.6
Impact score
2.5
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

cve@mitre.org
CWE-79

Social media

Hype score
Not currently trending

References