afine-com/CVE-2022-36433

Releases0

Stars1

Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-36433 ↗	Nov 29, 2022Tuesday, 29 November 2022, 13:15	6.1 MEDIUM	—
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.