An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.
References
Configurations
History
20 May 2025, 20:11
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://support.optimizely.com/hc/en-us/articles/33182047260557-Content-Management-System-CMS-Security-Advisory-CMS-2025-01 - Vendor Advisory | |
CPE | cpe:2.3:a:optimizely:optimizely_cms:*:*:*:*:*:*:*:* | |
First Time |
Optimizely optimizely Cms
Optimizely |
06 Jan 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
04 Jan 2025, 03:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 |
04 Jan 2025, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-01-04 02:15
Updated : 2025-05-20 20:11
NVD link : CVE-2025-22388
Mitre link : CVE-2025-22388
CVE.ORG link : CVE-2025-22388
JSON object : View
Products Affected
optimizely
- optimizely_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')