Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2

afine-com/CVE-2022-35500


CVE-2022-35500

Description

The leave comment functionality in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 allows injection of JavaScript code through the name parameter of the AmBlogLeaveComment mutation, which is exposed via the GraphQL endpoint. The injected JavaScript is stored with the comment and is executed when the victim (an administrator) tries to remove the comment from the admin panel.

Affected versions

< 2.10.5

Advisory

Update Amasty Blog Pro for Magento 2 to 2.10.5 or newer.
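
As an added example (not part of the original advisory or of the Amasty code base), the following Python audits exported comment records for author names that contain HTML markup, so they can be reviewed without opening them in the admin panel. The row layout (comment_id, name) and the sample rows are assumptions constructed for illustration.

```python
import html
import re

# Characters that let a value break out of an HTML text or attribute context.
# Apostrophes are left out on purpose so names like O'Brien are not flagged.
MARKUP = re.compile(r'[<>"`]')


def decode_fully(value, max_rounds=3):
    """Undo up to max_rounds layers of HTML entity encoding."""
    for _ in range(max_rounds):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value


def audit_comment_names(rows):
    """Return (comment_id, escaped_name) for each row whose name carries markup.

    The escaped form is safe to print in a report or ticket.
    """
    findings = []
    for row in rows:
        name = decode_fully(row.get("name") or "")
        if MARKUP.search(name):
            findings.append((row["comment_id"], html.escape(name, quote=True)))
    return findings


# Constructed sample export; the field names are hypothetical, not the plugin's schema.
SAMPLE_ROWS = [
    {"comment_id": 101, "name": "Alice O'Brien"},
    {"comment_id": 102, "name": "<script>alert(1)</script>"},
    {"comment_id": 103, "name": "&lt;img src=x onerror=alert(1)&gt;"},
    {"comment_id": 104, "name": None},
]

if __name__ == "__main__":
    for comment_id, escaped in audit_comment_names(SAMPLE_ROWS):
        print(f"comment {comment_id}: name contains markup -> {escaped}")
```
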

References
