Optimizely Configured Commerce Session Hijacking Vulnerability

Vulnerability

A medium-severity session hijacking vulnerability has been identified in Optimizely Configured Commerce versions prior to 5.2.2408. The issue arises when session tokens are transmitted as URL parameters, exposing sensitive information about the authenticated session.

Impact

Exploitation of this vulnerability could lead to unauthorized access to an authenticated user's session, allowing an attacker to impersonate the user.
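A defender's check for the exposure described above, as an added example that is not Optimizely's code or part of the original advisory: it scans web access log entries for session tokens in the request URL or the Referer field and emits a redacted copy of each URL. The parameter names, the JWT-shaped heuristic and the log lines are constructed assumptions, since the advisory does not name the parameter involved.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names: the advisory does not say which one carries the token.
SUSPECT_NAMES = {"access_token", "token", "session", "sessionid", "sid"}
# Values shaped like a JWT (three base64url segments) are flagged under any name.
JWT_LIKE = re.compile(r"^[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}$")
# Request line, status, size and Referer of a combined-format access log entry.
ENTRY = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" \d{3} \S+ "([^"]*)"')

def token_params(url):
    """Names of query parameters in url that look like session tokens."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [k for k, v in pairs
            if (k.lower() in SUSPECT_NAMES and v) or JWT_LIKE.match(v)]

def redact(url):
    """Copy of url with flagged parameter values replaced, safe to store in a report."""
    parts = urlsplit(url)
    flagged = set(token_params(url))
    query = [(k, "REDACTED" if k in flagged else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def scan(lines):
    """Return (line number, field, parameter names, redacted URL) per finding."""
    findings = []
    for number, line in enumerate(lines, 1):
        entry = ENTRY.search(line)
        if not entry:
            continue
        # A token in a page URL also travels in the Referer of follow-up requests.
        for field, url in (("request", entry.group(1)), ("referer", entry.group(2))):
            names = token_params(url)
            if names:
                findings.append((number, field, names, redact(url)))
    return findings

# Constructed sample entries (documentation IP ranges, made-up token value).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2025:19:46:00 +0000] "GET /checkout?access_token=c2Vzc2lvbi1leGFtcGxl&step=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [09/Jun/2025:19:46:01 +0000] "GET /static/app.js HTTP/1.1" 200 9000 "https://shop.example/checkout?access_token=c2Vzc2lvbi1leGFtcGxl&step=2" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Jun/2025:19:46:05 +0000] "GET /search?q=widgets HTTP/1.1" 200 700 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```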

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.