Stored Cross-Site Scripting Vulnerability in Optimizely CMS
CVE-2025-22388
Currently unrated
What is CVE-2025-22388?
Optimizely EPiServer.CMS.Core versions prior to 12.22.0 are vulnerable to stored Cross-Site Scripting (XSS). Malicious users can inject arbitrary JavaScript code through multiple vectors, including content editing, link management, and file uploads. The potential consequences include unauthorized access to user data, privilege escalation, and the execution of unauthorized actions, which poses a significant threat to the integrity and security of the CMS environment.
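To find deployments still on an affected release, the following added example (not part of the advisory or of Optimizely's code) audits NuGet project files for EPiServer.CMS.Core references below 12.22.0. The function names and the sample XML are constructed for illustration; it assumes standard `PackageReference` and `packages.config` syntax.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "episerver.cms.core"  # package named in the advisory (NuGet IDs are case-insensitive)
FIXED = (12, 22, 0)             # first fixed version per the advisory

def classify(version):
    """Return 'vulnerable', 'fixed' or 'unresolved' for a version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(-[0-9A-Za-z.-]+)?", (version or "").strip())
    if not m:
        return "unresolved"  # ranges, floating versions (12.*), MSBuild properties
    parts = tuple(int(g or 0) for g in m.group(1, 2, 3))
    # A pre-release of 12.22.0 sorts before the 12.22.0 release.
    if parts < FIXED or (parts == FIXED and m.group(4)):
        return "vulnerable"
    return "fixed"

def audit(xml_text):
    """Find references to the package in .csproj or packages.config text."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.split("}")[-1]  # drop the XML namespace used by old-style .csproj
        if tag == "PackageReference":
            name = el.get("Include") or el.get("Update")
            # Version may be an attribute or a child element.
            version = el.get("Version") or el.findtext("{*}Version")
        elif tag == "package":
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if name and name.lower() == PACKAGE:
            findings.append((version, classify(version)))
    return findings

# Constructed sample inputs, not taken from any real project.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="EPiServer.CMS.Core" Version="12.21.3" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""
SAMPLE_CONFIG = """<packages>
  <package id="EPiServer.CMS.Core" version="11.20.0" targetFramework="net48" />
</packages>"""

if __name__ == "__main__":
    for label, text in (("csproj", SAMPLE_CSPROJ), ("packages.config", SAMPLE_CONFIG)):
        for version, status in audit(text):
            print(f"{label}: EPiServer.CMS.Core {version} -> {status}")
```

An "unresolved" result means the version is a range, a floating version or an MSBuild property and has to be checked against the restored package set instead.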