In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Optimizely |
|
No data.
References
History
Mon, 14 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Thu, 05 Jun 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Optimizely
Optimizely configured Commerce |
|
| CPEs | cpe:2.3:a:optimizely:configured_commerce:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Optimizely
Optimizely configured Commerce |
Wed, 18 Dec 2024 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Wed, 18 Dec 2024 05:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-18T00:00:00
Updated: 2024-12-18T16:46:48.316Z
Reserved: 2024-12-18T00:00:00
Link: CVE-2024-56174
Vulnrichment
Updated: 2024-12-18T16:41:28.277Z
NVD
Status : Analyzed
Published: 2024-12-18T06:15:23.930
Modified: 2025-06-05T20:59:17.297
Link: CVE-2024-56174
Redhat
No data.