CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 2.10.4 creates post functionality and lower versions.

**CVE-2022-35501**

Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2

**Description**

The post creation functionality in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 allows injection of JavaScript code in the title field, leading to XSS attacks against admin panel users via duplicate post function, which used the data.title field and executed JavaScript code.

Vulnerable endpoint which is the injection point for the parameter mentioned above:

*   POST /admin/amasty\_blog/posts/save/key/{some\_key}/

**Affected versions**

< 2.10.5

**Advisory**

Update Amasty Blog Pro for Magento 2 to 2.10.5 or newer.

**References**

*   https://amasty.com/blog-pro-for-magento-2.html

CVE-2022-35501: GitHub - afine-com/CVE-2022-35501: Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2

Headline

CVE-2022-35501: GitHub - afine-com/CVE-2022-35501: Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2

CVE: Latest News