PT-2022-22871 · Amasty+1 · Amasty Blog Pro+1
Published: 2022-11-23 · Updated: 2025-04-28 · CVE-2022-35501
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Amasty Blog Pro versions 2.10.3 through 2.10.4
Amasty Blog Pro versions prior to 2.10.4
Description
A Stored Cross-site Scripting (XSS) issue exists due to the duplicate post function in the Amasty Blog Pro plugin for Magento 2. The create post functionality is affected.
Recommendations
For Amasty Blog Pro versions 2.10.3 through 2.10.4, update to a version that fixes the Stored Cross-site Scripting issue.
For Amasty Blog Pro versions prior to 2.10.4, update to a version that fixes the Stored Cross-site Scripting issue.
As a temporary workaround, consider disabling the duplicate post function until a patch is available.
Exploit
Fix
XSS
Affected Products
Amasty Blog Pro
Magento 2