CVE-2025-22388

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.
Configurations

Configuration 1

cpe:2.3:a:optimizely:optimizely_cms:*:*:*:*:*:*:*:*

History

20 May 2025, 20:11

Type | Values Removed | Values Added
Summary | | (es) A problem was discovered in Optimizely EPiServer.CMS.Core before version 12.22.0. A high-severity stored cross-site scripting (XSS) vulnerability exists in the CMS, which allows malicious actors to inject and execute arbitrary JavaScript code, which could compromise user data, escalate privileges, or execute unauthorized actions. The problem exists in several areas, including content editing, link management, and file uploads.
References | https://support.optimizely.com/hc/en-us/articles/33182047260557-Content-Management-System-CMS-Security-Advisory-CMS-2025-01 | https://support.optimizely.com/hc/en-us/articles/33182047260557-Content-Management-System-CMS-Security-Advisory-CMS-2025-01 - Vendor Advisory
CPE | | cpe:2.3:a:optimizely:optimizely_cms:*:*:*:*:*:*:*:*
First Time | | Optimizely optimizely Cms; Optimizely

06 Jan 2025, 15:15

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 5.7

04 Jan 2025, 03:15

Type | Values Removed | Values Added
CWE | | CWE-79

04 Jan 2025, 02:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2025-01-04 02:15

Updated : 2025-05-20 20:11


NVD link : CVE-2025-22388

Mitre link : CVE-2025-22388

CVE.ORG link : CVE-2025-22388


Products Affected

optimizely

  • optimizely_cms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')