CVE-2024-11974

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 4, 2025
CWE ID 79

Summary

CVE-2025-22388 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability affecting Optimizely EPiServer.CMS.Core versions prior to 12.22.0. Malicious actors can exploit this issue by injecting and executing arbitrary JavaScript code in multiple areas of the CMS, including content editing, link management, and file uploads. This vulnerability poses a significant risk, as it could potentially lead to the compromise of user data, privilege escalation, and unauthorized actions.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share