3 matches found
CVE-2022-36432
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...
CVE-2022-36432
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...
CVE-2022-36432
CVE-2022-36432 affects Amasty Blog Pro 2.10.3 for Magento 2. The Preview functionality uses eval unsafely, enabling Cross-site Scripting on admin panel users by manipulating the generated preview response. Root cause is unsafe use of eval in the preview flow. Human interaction is required (UI: R)...