CVE-2022-35501

MEDIUM

Amasty Blog Pro - XSS

Title source: rule
STIX 2.1

Description

Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.

Exploits (1)

nomisec WRITEUP 1 stars
by afine-com · poc
https://github.com/afine-com/CVE-2022-35501

References (2)

Core 2
Core References

Scores

CVSS v3 5.4
EPSS 0.0020
EPSS Percentile 41.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
amasty/blog_pro 2.10.3
amasty/blog_pro 2.10.4
Published Nov 23, 2022
Tracked Since Feb 18, 2026