Stored Cross-Site Scripting Vulnerability in Optimizely CMS
CVE-2025-22388
Currently unrated
What is CVE-2025-22388?
In Optimizely EPiServer.CMS.Core versions prior to 12.22.0, a vulnerability exists that allows attackers to exploit stored Cross-Site Scripting (XSS). This issue enables malicious users to inject arbitrary JavaScript code through multiple vectors, including content editing, link management, and file uploads. The potential consequences include unauthorized access to user data, privilege escalation, and the execution of unauthorized actions, thus posing a significant threat to the integrity and security of the CMS environment.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.