In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names.
https://support.optimizely.com/hc/en-us/articles/32344323720973-Configured-Commerce-Security-Advisory-COM-2024-01
Source: Mitre, NVD
Published: 2024-12-18
Updated: 2025-06-05
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.00041