Cross-Site Scripting Vulnerability in Optimizely Configured Commerce
CVE-2024-56173
Currently unrated
What is CVE-2024-56173?
CVE-2024-56173 is a critical cross-site scripting (XSS) vulnerability affecting Optimizely Configured Commerce versions before 5.2.2408. It is a stored XSS flaw: attackers can store malicious payloads within the application, and under specific conditions those payloads execute as script in the browsers of unsuspecting users via SVG documents. If exploited, this can lead to unauthorized actions, session hijacking, and data exposure, posing a significant threat to user security and privacy. Users and organizations are advised to update to the latest version to mitigate the risks associated with this flaw.
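One way to check stored SVG documents for script-capable content before they are served, as an added example that is not Optimizely's code or its fix. The function name, the finding labels, the element and scheme lists, and the sample documents are constructed for illustration; the page does not describe how the product itself handles SVG.

```python
import re
import xml.etree.ElementTree as ET

# Constructed policy for this example: elements and URL schemes that can run script.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
RISKY_SCHEMES = ("javascript:", "vbscript:", "data:text/html", "data:image/svg+xml")

def local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree adds and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """Return reasons an SVG should not be served as-is; an empty list means none found."""
    try:
        text = data.decode("utf-8-sig")
    except UnicodeDecodeError:
        return ["not-utf8"]
    # Refuse DTDs before parsing: entities can hide markup and inflate the document.
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(text)
    except (ET.ParseError, ValueError):
        return ["not-well-formed"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element:{tag}")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):  # onload, onclick, onbegin, ...
                findings.append(f"handler:{tag}@{attr}")
            # Browsers ignore whitespace and control characters inside a URL scheme.
            url = re.sub(r"[\s\x00-\x1f]", "", value).lower()
            if attr in URL_ATTRS and url.startswith(RISKY_SCHEMES):
                findings.append(f"url:{tag}@{attr}")
    return findings

# Constructed sample documents.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" '
          b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="x()">'
          b'<script>x()</script><a xlink:href="java\tscript:x()"><text>t</text></a></svg>')

if __name__ == "__main__":
    print(svg_findings(CLEAN), svg_findings(ACTIVE))
```

A non-empty result is a reason to reject the document or to serve it as a download rather than inline; the check complements, and does not replace, updating to a fixed version.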