CVE-2025-22388

{"id": "CVE-2025-22388", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2025-01-04T02:15:07.480", "references": [{"url": "https://support.optimizely.com/hc/en-us/articles/33182047260557-Content-Management-System-CMS-Security-Advisory-CMS-2025-01", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Optimizely EPiServer.CMS.Core antes de la versi\u00f3n 12.22.0. Existe una vulnerabilidad de cross site scripting almacenado (XSS) de alta gravedad en el CMS, que permite a los actores maliciosos inyectar y ejecutar c\u00f3digo JavaScript arbitrario, lo que podr\u00eda comprometer los datos del usuario, aumentar los privilegios o ejecutar acciones no autorizadas. El problema existe en varias \u00e1reas, incluida la edici\u00f3n de contenido, la administraci\u00f3n de enlaces y la carga de archivos."}], "lastModified": "2025-05-20T20:11:04.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:optimizely:optimizely_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABD61602-AD14-4F20-901C-A10FB00BA3BF", "versionEndExcluding": "12.22.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}