Description

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.

State: PUBLISHED | Reserved 2025-01-04 | Published 2025-01-04 | Updated 2025-01-06 | Assigner: mitre

Problem types

CWE-598 Use of GET Request Method With Sensitive Query Strings

References

support.optimizely.com/...erce-Security-Advisory-COM-2024-06

cve.org (CVE-2025-22387)

nvd.nist.gov (CVE-2025-22387)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.