afine-com/CVE-2022-36432

Releases0

Stars1

Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-36432 ↗	Nov 17, 2022Thursday, 17 November 2022, 05:15	5.4 MEDIUM	—
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.