CVE-2025-22383
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Summary
CVE-2025-22383 is a medium-severity vulnerability affecting Optimizely's Configured Commerce before version 5.2.2408. The Contact Us functionality of the Commerce B2B application contains an input validation issue: in certain situations, visitors can send e-mail messages containing unfiltered HTML markup. This could lead to phishing attacks or the injection of malicious code into the e-mail system. Users are advised to upgrade to the latest version of the Commerce B2B application to mitigate this issue.
Affected Products
- Configured Commerce
Affected Vendors
- Optimizely