📦 Configured Commerce

by Optimizely

⚠️ Known Vulnerabilities

CVE-2025-22386

HIGH CVSS 7.3 Jan 4, 2025

This vulnerability allows session tokens from logged-out users to remain active and usable in Optimizely Configured Commerce B2B storefronts. Attackers could potentially hijack sessions and perform un...

CVE-2025-22387

HIGH CVSS 7.5 Jan 4, 2025

This vulnerability in Optimizely Configured Commerce exposes session tokens in URL parameters, allowing attackers to hijack authenticated user sessions. It affects all Optimizely Configured Commerce i...

CVE-2025-22384

HIGH CVSS 7.5 Jan 4, 2025

This vulnerability allows attackers to purchase discontinued products by manipulating requests before they reach the server. It affects Optimizely Configured Commerce B2B storefronts running versions ...

CVE-2024-56174

HIGH CVSS 8.1 Dec 18, 2024

This vulnerability allows attackers to inject malicious scripts into Optimizely Configured Commerce search history, which then execute in users' browsers when they view their search history. It affect...

CVE-2025-22385

MEDIUM CVSS 5.9 Jan 4, 2025

Optimizely Configured Commerce versions before 5.2.2408 allow mass account creation without email confirmation for new accounts. This affects all B2B e-commerce deployments using vulnerable versions, ...

CVE-2025-22383

MEDIUM CVSS 4.6 Jan 4, 2025

A cross-site scripting (XSS) vulnerability exists in Optimizely Configured Commerce's Contact Us functionality that allows visitors to inject unfiltered HTML markup into email messages. This affects a...

CVE-2024-56173

MEDIUM CVSS 4.7 Dec 18, 2024

This is a stored cross-site scripting (XSS) vulnerability in Optimizely Configured Commerce where malicious JavaScript in SVG documents can be injected and later executed in users' browsers. It affect...