Cross-Site Scripting Vulnerability in Optimizely Configured Commerce
CVE-2024-56174

Currently unrated

Key Information:

Vendor: Optimizely

CVE Published: 18 December 2024

What is CVE-2024-56174?

CVE-2024-56174 is a high-risk stored cross-site scripting (XSS) vulnerability in Optimizely Configured Commerce versions prior to 5.2.2408. It allows attackers to inject malicious payloads that are stored in search history and can be executed in users' browsers under certain conditions. Successful exploitation can lead to unauthorized actions and data exposure, so it is imperative that users update to the latest version to mitigate this risk.

Timeline

  • Vulnerability published
