Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-85514
HistoryNov 25, 2022 - 12:00 a.m.

Amasty Blog commenting feature cross-site scripting vulnerability

2022-11-2500:00:00
China National Vulnerability Database
www.cnvd.org.cn
6

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Amasty Blog is a web page extension of Amasty Inc. A cross-site scripting vulnerability exists in the commenting functionality of Amasty Blog Pro version 2.10.3, which can be exploited by attackers to inject cross-site code and launch XSS attacks.

CPENameOperatorVersion
amasty amasty blogeq2.10.3

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Related for CNVD-2022-85514