Optimizely EPiServer.CMS.Core Stored Cross-Site Scripting Vulnerability

Vulnerability

A high-severity stored cross-site scripting vulnerability has been identified in Optimizely EPiServer.CMS.Core versions prior to 12.22.0. This vulnerability allows malicious actors to inject and execute arbitrary JavaScript code within the CMS. The issue could lead to the compromise of user data, unauthorized privilege escalation, or execution of unauthorized actions. The vulnerability is present in several areas of the CMS, including content editing, link management, and file uploads.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.4
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.