47 matches found

Nuclei
added yesterday | 8 views

Magento 2 Amasty Order Attributes < 4.0.0 - Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 4.0.0 contains an unrestricted file upload vulnerability caused by lack of authentication and validation in the upload endpoint, letting unauthenticated attackers upload arbitrary files including PHP, enabling remote code execution or malware hosting. id:...

9.8 CVSS | 6.7 AI score | 0.04591 EPSS
Exploits: 0 | References: 3

NVD
added 2026/06/12 3:16 p.m. | 15 views

CVE-2026-53787

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

9.8 CVSS | 0.04591 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/06/12 1:52 p.m. | 12 views

EUVD-2026-36430

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

9.8 CVSS | 6.1 AI score | 0.04591 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/06/12 1:52 p.m. | 10 views

CVE-2026-53787 Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

9.8 CVSS | 6.2 AI score | 0.04591 EPSS
Exploits: 0 | References: 3

CVE
added 2026/06/12 1:52 p.m. | 41 views

CVE-2026-53787

Amasty Order Attributes for Magento 2 (versions

9.8 CVSS | 6.2 AI score | 0.04591 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/12 12:0 a.m. | 19 views

PT-2026-48882

Name of the Vulnerable Software and Affected Versions: Amasty Order Attributes for Magento 2 versions prior to 4.0.0. Description: An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...

9.8 CVSS | 6.1 AI score | 0.04591 EPSS
Exploits: 0 | References: 9

RedhatCVE
added 2026/01/09 10:41 a.m. | 9 views

CVE-2022-35500

Amasty Blog 2.10.3 is vulnerable to Cross-Site Scripting (XSS) via the leave comment functionality...

5.4 CVSS | 6 AI score | 0.00495 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:39 a.m. | 15 views

CVE-2022-35501

Stored Cross-Site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...

5.4 CVSS | 6 AI score | 0.00495 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-39144

Malicious code in bioql PyPI...

5.4 CVSS | 5.8 AI score | 0.00534 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-38388

Malicious code in bioql PyPI...

5.4 CVSS | 5.6 AI score | 0.00495 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2022-38389

Malicious code in bioql PyPI...

5.4 CVSS | 5.6 AI score | 0.00495 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-39145

Malicious code in bioql PyPI...

6.1 CVSS | 6.3 AI score | 0.00566 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 11:11 p.m. | 11 views

CVE-2022-36433

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

6.1 CVSS | 6.5 AI score | 0.00566 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 11:8 p.m. | 7 views

CVE-2022-36432

The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...

5.4 CVSS | 6.6 AI score | 0.00534 EPSS
Exploits: 1

CNVD
added 2022/11/30 12:0 a.m. | 45 views

Amasty Blog Pro for Magento 2 Cross-Site Scripting Vulnerability

Amasty Blog is a website page extension from Amasty. Magento 2 is an open source PHP e-commerce system. Versions of Amasty Blog Pro for Magento 2 before 2.10.5 have a cross-site scripting vulnerability. The vulnerability stems from the plugin in the blog post creation function fails to shortconten...

6.1 CVSS | 6 AI score | 0.00566 EPSS
Exploits: 1 | References: 1

OSV
added 2022/11/29 1:15 p.m. | 6 views

CVE-2022-36433

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

6.1 CVSS | 5.8 AI score | 0.00566 EPSS
Exploits: 1 | References: 2

NVD
added 2022/11/29 1:15 p.m. | 27 views

CVE-2022-36433

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

6.1 CVSS | 0.00566 EPSS
Exploits: 1 | References: 2

Prion
added 2022/11/29 1:15 p.m. | 22 views

Design/Logic Flaw

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

5.8 CVSS | 6.2 AI score | 0.00566 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2022/11/29 12:0 a.m. | 5 views

Amasty Blog Cross-Site Scripting Vulnerability

Amasty Blog is a website page extension from Amasty. Magento 2 is an open source PHP e-commerce system. Versions of Amasty Blog Pro for Magento 2 before 2.10.5 have a cross-site scripting vulnerability. The vulnerability stems from the plugin in the blog post creation function fails to shortconten...

6.1 CVSS | 5.9 AI score | 0.00566 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2022/11/29 12:0 a.m. | 10 views

CVE-2022-36433

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

6.4 AI score | 0.00566 EPSS
Exploits: 1 | References: 2