Cross-Site Scripting Vulnerability in Optimizely Configured Commerce
CVE-2024-56175

Currently unrated

Key Information:

Vendor: Optimizely
Status: Configured Commerce
Vendor: CVE Published:; 18 December 2024

What is CVE-2024-56175?

CVE-2024-56175 identifies a critical Cross-Site Scripting (XSS) vulnerability in Optimizely Configured Commerce versions before 5.2.2408. This flaw allows malicious actors to store harmful payloads that can be executed in the browsers of users under certain conditions, particularly through client-side template injection in list item names. It's crucial for users and administrators of affected versions to apply security patches and updates to mitigate potential exploitation and safeguard their web applications.

References

https://support.optimizely.com/hc/en-us/articles/32344323...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2024

JSON