CVE-2022-36433

Published: Nov 29, 2022

Modified: Apr 25, 2025

PUBLISHED

Description

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://weglow.ski

https://github.com/afine-com/CVE-2022-36433

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-36433

Description

Affected Products

References