VYPR
Unrated severityNVD Advisory· Published Jan 4, 2025· Updated Jan 6, 2025

CVE-2025-22388

CVE-2025-22388

Description

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Optimizely/EPiServer.CMS.Coredescription
  • Episerver/CMSllm-fuzzy
    Range: <12.22.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.