Amasty · Amasty Blog Pro · CVE-2022-36433
**Name of the Vulnerable Software and Affected Versions**
Amasty Blog Pro version 2.10.3
**Description**
The blog-post creation functionality in the Amasty Blog Pro plugin for Magento 2 allows injection of JavaScript code in the `short content` and `full content` fields, leading to XSS attacks against admin panel users via "posts/preview" or "posts/save" endpoints.
**Recommendations**
For Amasty Blog Pro version 2.10.3, consider disabling the blog-post creation functionality until a patch is available, to prevent XSS attacks. Restrict access to the "posts/preview" and "posts/save" endpoints to minimize the risk of exploitation. Avoid using the `short content` and `full content` fields in the affected plugin until the issue is resolved.
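A detection check a defender could run over reverse-proxy or WAF logs that record POST bodies, as an added example rather than code from Amasty or this advisory; the `/admin/amblog/` path prefix, the `short_content`/`full_content` parameter names and the request records are assumptions constructed for the example.

```python
import re

# Constructed sample request records (shape of a proxy/WAF export that keeps
# POST bodies). These are made up for this example, not real traffic.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/admin/amblog/posts/save/key/abc/",
     "body": {"title": "Release notes", "short_content": "<p>Plain text</p>",
              "full_content": "<p>More text</p>"}},
    {"method": "POST", "path": "/admin/amblog/posts/preview/key/abc/",
     "body": {"title": "x", "short_content": "<img src=x onerror=alert(1)>",
              "full_content": ""}},
    {"method": "POST", "path": "/admin/amblog/posts/save/key/abc/",
     "body": {"title": "y", "short_content": "",
              "full_content": "<SCRIPT>console.log('x')</SCRIPT>"}},
    {"method": "GET", "path": "/admin/amblog/posts/index/key/abc/", "body": {}},
]

# Endpoints named in the advisory; the admin path prefix around them is an assumption.
TARGET_ENDPOINTS = ("posts/preview", "posts/save")
# Fields the advisory says accept injected JavaScript (parameter names assumed).
WATCHED_FIELDS = ("short_content", "full_content")

# Case-insensitive markers of active HTML content: script/iframe/object/embed tags,
# inline event handlers and javascript: URLs. Deliberately broad; tune for your site.
ACTIVE_CONTENT = re.compile(
    r"<\s*script\b|<\s*iframe\b|<\s*object\b|<\s*embed\b|\bon[a-z]+\s*=|javascript\s*:",
    re.IGNORECASE,
)


def flag_request(req):
    """Return the watched field names holding active content, or [] if the request is clean."""
    if req.get("method") != "POST":
        return []
    if not any(ep in req.get("path", "") for ep in TARGET_ENDPOINTS):
        return []
    body = req.get("body") or {}
    return [f for f in WATCHED_FIELDS if ACTIVE_CONTENT.search(str(body.get(f, "")))]


def scan(requests):
    """Return (path, flagged_fields) for every request that deserves analyst review."""
    return [(r["path"], hit) for r in requests if (hit := flag_request(r))]


if __name__ == "__main__":
    for path, fields in scan(SAMPLE_REQUESTS):
        print(f"review: {path} -> suspicious fields {fields}")
```

Run against the constructed records, the preview request is flagged on `short_content` and the second save request on `full_content`; the plain-text post and the GET request are not reported.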