CVE-2022-36433

CVSS V2 None CVSS V3 None
Description
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.
Overview
  • CVE ID
  • CVE-2022-36433
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-11-29T13:15:10.420
  • Last Modified Date
  • 2022-12-01T21:50:26.180
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:amasty:amasty_blog_pro:*:*:*:*:*:magento_2:*:* 1 OR 2.10.5
References
Reference URL Reference Tags
https://github.com/afine-com/CVE-2022-36433 Exploit Third Party Advisory
https://weglow.ski Not Applicable
History
Created Old Value New Value Data Type Notes
2022-12-07 18:05:28 Added to TrackCVE