Vulnerabilities > Amasty
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-29 | CVE-2022-36433 | Cross-site Scripting vulnerability in Amasty Blog PRO 2.10.3 The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save. | 6.1 |
2022-11-23 | CVE-2022-35501 | Cross-site Scripting vulnerability in Amasty Blog PRO 2.10.3/2.10.4 Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. | 5.4 |
2022-11-23 | CVE-2022-35500 | Cross-site Scripting vulnerability in Amasty Blog PRO 2.10.3 Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. | 5.4 |
2022-11-17 | CVE-2022-36432 | Cross-site Scripting vulnerability in Amasty Blog PRO The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. | 5.4 |