CVE-2025-22383

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.
Configurations

Configuration 1

cpe:2.3:a:optimizely:configured_commerce:*:*:*:*:*:*:*:*

History

20 May 2025, 20:27

Type: CPE
  Values Added: cpe:2.3:a:optimizely:configured_commerce:*:*:*:*:*:*:*:*
Type: References
  Values Removed: () https://support.optimizely.com/hc/en-us/articles/32694923652493-Configured-Commerce-Security-Advisory-COM-2024-03 -
  Values Added: () https://support.optimizely.com/hc/en-us/articles/32694923652493-Configured-Commerce-Security-Advisory-COM-2024-03 - Vendor Advisory
Type: Summary
  Values Added:
  • (es) An issue was discovered in Optimizely Configured Commerce before version 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.
Type: First Time
  Values Added: Optimizely configured Commerce
                Optimizely

06 Jan 2025, 15:15

Type: CVSS
  Values Removed: v2 : unknown
                  v3 : unknown
  Values Added: v2 : unknown
                v3 : 4.6

04 Jan 2025, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-04 02:15

Updated : 2025-05-20 20:27


NVD link : CVE-2025-22383

Mitre link : CVE-2025-22383

CVE.ORG link : CVE-2025-22383



Products Affected

optimizely

  • configured_commerce
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')