Optimizely Configured Commerce Input Validation Vulnerability in B2B Contact Us Functionality

Vulnerability

A medium-severity input validation vulnerability has been identified in Optimizely Configured Commerce versions prior to 5.2.2408. This issue affects the Commerce B2B application, specifically the Contact Us feature, by allowing visitors to send email messages that could include unfiltered HTML markup under certain conditions.

Impact

Exploitation of this vulnerability could lead to the injection of unfiltered HTML into email messages, potentially allowing for cross-site scripting (XSS) attacks if the HTML is not properly sanitized before being displayed.
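To make the sanitization gap concrete, here is an added illustration in Python (not Optimizely's code; the field names and the sample submission are constructed): an email-body builder that interpolates visitor-supplied Contact Us fields verbatim, beside one that HTML-escapes every field, plus a check that flags submissions carrying markup so they can be logged or reviewed.

```python
import html
import re

# Constructed sample submission: what a visitor could post to a Contact Us form.
SAMPLE_SUBMISSION = {
    "name": "Jane <b>Doe</b>",
    "email": "jane@example.com",
    "message": "Hi,<script>alert(1)</script> please call me back.",
}

# Matches anything shaped like an HTML tag: "<" directly followed by a tag name.
# A bare "<" in ordinary text (e.g. "a < b") is not a tag and is not flagged.
TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>")


def contains_markup(value: str) -> bool:
    """True if the field carries anything that looks like an HTML tag."""
    return TAG_RE.search(value) is not None


def flagged_fields(submission: dict) -> list:
    """Names of the fields containing markup; useful for alerting on a form that
    should only ever carry plain text."""
    return [name for name, value in submission.items() if contains_markup(value)]


def build_email_unsafe(submission: dict) -> str:
    """Vulnerable pattern: visitor fields are dropped into an HTML body unchanged,
    so any markup they contain is delivered to the recipient's mail client."""
    return (f"<p><b>From:</b> {submission['name']} ({submission['email']})</p>"
            f"<p>{submission['message']}</p>")


def build_email_safe(submission: dict) -> str:
    """Hardened pattern: every visitor-controlled field is HTML-escaped before it
    is interpolated, so tags arrive as literal text rather than as markup."""
    escaped = {k: html.escape(v, quote=True) for k, v in submission.items()}
    return (f"<p><b>From:</b> {escaped['name']} ({escaped['email']})</p>"
            f"<p>{escaped['message']}</p>")


if __name__ == "__main__":
    print("flagged fields:", flagged_fields(SAMPLE_SUBMISSION))
    print("unsafe body:", build_email_unsafe(SAMPLE_SUBMISSION))
    print("safe body:  ", build_email_safe(SAMPLE_SUBMISSION))
```

The same escaping must also be applied wherever the message is rendered later (an admin console or CRM view), since the advisory's risk is the HTML being displayed without sanitization.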

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.