The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.
References
Link | Resource |
---|---|
https://github.com/afine-com/CVE-2022-36432 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-11-17T00:00:00
Updated: 2022-11-17T00:00:00
Reserved: 2022-07-25T00:00:00
Link: CVE-2022-36432
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-11-17T05:15:14.290
Modified: 2022-11-21T19:39:46.673
Link: CVE-2022-36432
JSON object: View
Redhat Information
No data.
CWE