CVE-2024-11974
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Jan 4, 2025
CWE ID 79
Summary
CVE-2025-22388 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability affecting Optimizely EPiServer.CMS.Core versions prior to 12.22.0. Malicious actors can exploit this issue by injecting and executing arbitrary JavaScript code in multiple areas of the CMS, including content editing, link management, and file uploads. This vulnerability poses a significant risk, as it could potentially lead to the compromise of user data, privilege escalation, and unauthorized actions.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share