An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.
History
Tue, 20 May 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Optimizely, Optimizely optimizely Cms | |
| CPEs | cpe:2.3:a:optimizely:optimizely_cms:*:*:*:*:*:*:*:* | |
| Vendors & Products | Optimizely, Optimizely optimizely Cms | |
Mon, 06 Jan 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | cvssV3_1 | |
Sat, 04 Jan 2025 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads. | |
| Weaknesses | CWE-79 | |
| References | | |
Status: PUBLISHED
Assigner: mitre
Published: 2025-01-04T00:00:00
Updated: 2025-01-06T15:11:11.504Z
Reserved: 2025-01-04T00:00:00
Link: CVE-2025-22388
Updated: 2025-01-06T15:03:49.172Z
Status: Analyzed
Published: 2025-01-04T02:15:07.480
Modified: 2025-05-20T20:11:04.087
Link: CVE-2025-22388