{"id":9107,"date":"2025-07-28T04:46:39","date_gmt":"2025-07-28T04:46:39","guid":{"rendered":"http:\/\/localhost\/?p=9107"},"modified":"2025-07-28T04:46:39","modified_gmt":"2025-07-28T04:46:39","slug":"stored-cross-site-scripting-in-episerver-content-management-system-cms-media-selection-preview","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9107","title":{"rendered":"Stored Cross-Site Scripting in Episerver Content Management System (CMS) Media Selection Preview"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nStored Cross-Site Scripting in Episerver Content Management System (CMS) Media Selection Preview<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-28T08:40:15.815Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-28T08:48:57.123Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nOptimizely<\/td>\n<\/tr>\n
Product<\/th>\nEpiserver Content Management System (CMS)<\/td>\n<\/tr>\n
Version<\/th>\n11.x<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n4.6 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:H\/UI:A\/VC:N\/VI:N\/VA:N\/SC:L\/SI:L\/SA:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe Episerver Content Management System (CMS) by Optimizely is vulnerable to Stored Cross-Site Scripting (XSS) attacks. This allows authenticated attackers with the ‘WebEditor’ role to execute malicious JavaScript by uploading SVG files with embedded scripts. The vulnerability affects versions 11.x and 12.x of the CMS.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nOptimizely<\/td>\n<\/tr>\n
AI Product<\/th>\nEpiserver Content Management System (CMS)<\/td>\n<\/tr>\n
AI Version<\/th>\n11.x, 12.x<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n