Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amasty blog pro 2.10.3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-35501
Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.
Amasty Blog Pro 2.10.3
Amasty Blog Pro 2.10.4
1 Github repository
NA
CVE-2022-35500
Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.
Amasty Blog Pro 2.10.3
1 Github repository
NA
CVE-2022-36433
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.
Amasty Amasty Blog Pro
1 Github repository
NA
CVE-2022-36432
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows malicious users to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.
Amasty Blog Pro
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started