CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

6.1CVSS6.5AI score0.00293EPSS

Exploits1

RedhatCVE•added 2025/05/22 11:8 p.m.•3 views

CVE-2022-36432

The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...

5.4CVSS6.6AI score0.00266EPSS

Exploits1

CNVD•added 2022/11/30 12:0 a.m.•43 views

Amasty Blog Pro for Magento 2 Cross-Site Scripting Vulnerability

Amasty Blog is a website page extension from Amasty. magento2 is an open source PHP e-commerce system. Amasty Blog Pro 2.10.5 before the version for Magento 2 has a cross-site scripting vulnerability , the vulnerability stems from the plugin in the blog post creation function fails to shortconten...

6.1CVSS6AI score0.00293EPSS

Exploits1References1

NVD•added 2022/11/29 1:15 p.m.•10 views

CVE-2022-36433

6.1CVSS0.00293EPSS

Exploits1References2

OSV•added 2022/11/29 1:15 p.m.•0 views

CVE-2022-36433

6.1CVSS5.8AI score0.00293EPSS

Exploits1References2

Prion•added 2022/11/29 1:15 p.m.•14 views

Design/Logic Flaw

5.8CVSS6.2AI score0.00293EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2022/11/29 12:0 a.m.•8 views

CVE-2022-36433

6.4AI score0.00293EPSS

Exploits1References2

CNNVD•added 2022/11/29 12:0 a.m.•2 views

Amasty Blog 跨站脚本漏洞

6.1CVSS5.9AI score0.00293EPSS

Exploits1References3

CVE•added 2022/11/29 12:0 a.m.•49 views

CVE-2022-36433

The CVE-2022-36433 entry concerns Amasty Blog Pro for Magento 2 (version 2.10.3) where the blog-post creation functionality permits JavaScript injection in the short_content and full_content fields, enabling XSS against admin users via posts/preview or posts/save. Root cause is unfiltered content...

6.1CVSS6.2AI score0.00293EPSS

Exploits1References2Affected Software1

CNVD•added 2022/11/25 12:0 a.m.•19 views

Amasty Blog Create Post Function Cross-Site Scripting Vulnerability

Amasty Blog is a website page extension for Amasty, Inc. A cross-site scripting vulnerability exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plug-ins, which can be exploited by attackers to inject cross-site code and launch XSS attacks...

5.4CVSS5.2AI score0.00209EPSS

Exploits0References1

CNVD•added 2022/11/25 12:0 a.m.•21 views

Amasty Blog commenting feature cross-site scripting vulnerability

Amasty Blog is a web page extension of Amasty Inc. A cross-site scripting vulnerability exists in the commenting functionality of Amasty Blog Pro version 2.10.3, which can be exploited by attackers to inject cross-site code and launch XSS attacks...

2.9AI score0.00209EPSS

Exploits0Affected Software1

NVD•added 2022/11/23 5:15 p.m.•10 views

CVE-2022-35501

Stored Cross-site Scripting XSS exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...

5.4CVSS0.00209EPSS

Exploits0References2

OSV•added 2022/11/23 5:15 p.m.•2 views

CVE-2022-35501

Stored Cross-site Scripting XSS exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...

5.4CVSS5.8AI score0.00209EPSS

Exploits0References2