Cross site scripting

2022-11-1705:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

preview functionality

amasty blog pro

magento 2

eval unsafely

cross-site scripting attacks

admin panel users

application response

0.001 Low

EPSS

Percentile

24.8%

JSON

The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.

CPENameOperatorVersion
blog_prolt2.10.5

CPE	Name	Operator	Version
	blog_pro	lt	2.10.5

References

github.com/afine-com/CVE-2022-36432

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for PRION:CVE-2022-36432