Skip to main content

Blog Pro

3 CVEs product

Monthly

CVE-2022-35501 MEDIUM This Month

Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Blog Pro
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35500 MEDIUM This Month

Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Blog Pro
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36432 MEDIUM POC This Month

The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Adobe XSS Blog Pro
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Blog Pro
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Blog Pro
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Adobe XSS Blog Pro
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy