CVE-2025-27801

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27801
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit" section of the CMS, offered an upload functionality for documents. These documents could later be used as displayed content on the page. It was possible to upload SVG files that include malicious JavaScript code that would be executed if a user visited the direct URL of the preview image. Attackers needed at least the role "WebEditor" in order to exploit this issue. Affected products: Version 11.X: EPiServer.CMS.Core (<11.21.4) with EPiServer.CMS.UI (<11.37.5), Version 12.X: EPiServer.CMS.Core (<12.22.1) with EPiServer.CMS.UI (<11.37.3)

4.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://api.nuget.optimizely.com/packages/episerver.cms.core/11.21.4#
https://api.nuget.optimizely.com/packages/episerver.cms.core/12.22.1#
https://r.sec-consult.com/optimizely
Configurations

No configuration.

History

29 Jul 2025, 14:14

Type Values Removed Values Added
Summary
  • (es) Episerver Content Management System (CMS) by Optimizely se vio afectado por múltiples vulnerabilidades de Cross-Site Scripting (XSS) almacenado. Esto permitió que un atacante autenticado ejecutara código JavaScript malicioso en el navegador de la víctima. Las propiedades ContentReference, disponibles en la sección "Edit" del CMS, ofrecían la función de carga de documentos. Estos documentos podían utilizarse posteriormente como contenido mostrado en la página. Era posible cargar archivos SVG con código JavaScript malicioso que se ejecutaba si un usuario visitaba la URL directa de la imagen de vista previa. Los atacantes necesitaban al menos el rol "WebEditor" para explotar este problema. Productos afectados: Versión 11.X: EPiServer.CMS.Core (&lt;11.21.4) con EPiServer.CMS.UI (&lt;11.37.5), Versión 12.X: EPiServer.CMS.Core (&lt;12.22.1) con EPiServer.CMS.UI (&lt;11.37.3)

29 Jul 2025, 10:15

Type Values Removed Values Added
References
  • {'url': 'https://support.optimizely.com/hc/en-us/articles/30886353301645-2025-Optimizely-CMS-11-PaaS-release-notes#h_01K09MR1SZS4FEAPD4478GQ0FR', 'source': '551230f0-3615-47bd-b7cc-93e92e730bbf'}
  • {'url': 'https://support.optimizely.com/hc/en-us/articles/37757063222029-2024-Optimizely-CMS-12-PaaS-release-notes#h_01JN4AZV48WKNADH3KWC2GYDS5', 'source': '551230f0-3615-47bd-b7cc-93e92e730bbf'}
  • () https://api.nuget.optimizely.com/packages/episerver.cms.core/11.21.4# -
  • () https://api.nuget.optimizely.com/packages/episerver.cms.core/12.22.1# -
  • () https://r.sec-consult.com/optimizely -

28 Jul 2025, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-28 09:15

Updated : 2025-07-29 14:14

NVD link : CVE-2025-27801

Mitre link : CVE-2025-27801

CVE.ORG link : CVE-2025-27801

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')