How severe is CVE-2025-22388?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2025-22388?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-22388 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.

Related Vulnerabilities

CVE-2017-9546

MEDIUM

CVSS:5.7(Medium)

admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.

CWE-792017

CVE-2019-0949

MEDIUM

CVSS:5.7(Medium)

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnera...

CWE-792019

CVE-2019-0950

MEDIUM

CVSS:5.7(Medium)

CWE-792019

CVE-2019-3418

MEDIUM

CVSS:5.7(Medium)

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability...

CWE-792019

CVE-2021-3988

MEDIUM

CVSS:5.7(Medium)

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or...

CWE-792021

CVE-2021-41101

MEDIUM

CVSS:5.7(Medium)

wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `....

CWE-792021