CVE-2022-36432
Published
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.
Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2
GitHub