CVE-2025-22387 – Optimizely Configured Commerce Session Hijacking Vulnerability

1月 4, 2025
3:16 am

CVE ID : CVE-2025-22387

Published : Jan. 4, 2025, 2:15 a.m. | 1 hour, 1 minute ago

Description : An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-22387 – Optimizely Configured Commerce Session Hijacking Vulnerability

Elvescore.io

Recent Posts

CVE-2024-13142 – ZeroWd StudentManager Remote Cross-Site Scripting (XSS) Vulnerability

CVE-2025-0233 – Codezips Project Management System SQL Injection

CVE-2025-0231 – Codezips Gym Management System SQL Injection

CVE-2025-0232 – Codezips Blood Bank Management System SQL Injection Vulnerability

CVE-2025-0230 – “Code-Projects Responsive Hotel Site SQL Injection”

CVE-2025-0229 – “Code-projects Travel Management System SQL Injection Vulnerability”

CVE-2025-22387 – Optimizely Configured Commerce Session Hijacking Vulnerability

CVE-2025-22387 – Optimizely Configured Commerce Session Hijacking Vulnerability