CVE-2025-22383

Name of the Vulnerable Software and Affected Versions Optimizely Configured Commerce versions prior to 5.2.2408

Description A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.

Recommendations For versions prior to 5.2.2408, update to version 5.2.2408 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Contact Us functionality until a patch is available. Avoid allowing visitors to send e-mail messages that could contain HTML markup in specific scenarios.