CVE-2025-22383

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-22383
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.optimizely.com/hc/en-us/articles/32694923652493-Configured-Commerce-Security-Advisory-COM-2024-03 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:optimizely:configured_commerce:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-01-04 02:15

Updated : 2025-05-20 20:27

NVD link : CVE-2025-22383

Mitre link : CVE-2025-22383

CVE.ORG link : CVE-2025-22383

JSON object : View

Products Affected

optimizely

  • configured_commerce
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')