PT-2024-36732 · Optimizely · Optimizely Configured Commerce

Published: 2024-12-18 · Updated: 2024-12-18 · CVE-2024-56175

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408

Description: A client-side template injection in list item names allows malicious payloads to be stored and, under specific conditions, executed in users' browsers, resulting in a cross-site scripting (XSS) attack.

Recommendations: For versions prior to 5.2.2408, update to version 5.2.2408 or later to resolve the issue. As a temporary workaround, consider restricting the ability to inject templates in list item names to minimize the risk of exploitation.

Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2024-56175

Affected Products: Optimizely Configured Commerce