In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Optimizely |
|
No data.
References
History
Mon, 14 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Thu, 05 Jun 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Optimizely
Optimizely configured Commerce |
|
| CPEs | cpe:2.3:a:optimizely:configured_commerce:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Optimizely
Optimizely configured Commerce |
Wed, 18 Dec 2024 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Wed, 18 Dec 2024 05:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-18T00:00:00
Updated: 2024-12-18T15:52:01.786Z
Reserved: 2024-12-18T00:00:00
Link: CVE-2024-56173
Vulnrichment
Updated: 2024-12-18T15:51:29.924Z
NVD
Status : Analyzed
Published: 2024-12-18T06:15:23.780
Modified: 2025-06-05T20:58:21.423
Link: CVE-2024-56173
Redhat
No data.