CVE-2022-35500 PoC — Amasty Blog 跨站脚本漏洞

Source

https://github.com/afine-com/CVE-2022-35500

Associated Vulnerability

Title:Amasty Blog 跨站脚本漏洞 (CVE-2022-35500)
Description:Amasty Blog是Amasty公司的一个网站页面扩展。 Amasty Blog Pro 2.10.3版本存在安全漏洞，该漏洞源于通过评论功能存在跨站脚本(XSS)。

Description

Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2

Readme

# CVE-2022-35500
Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2

## Description
The leave comment functionality in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 allows injection of JavaScript code in the `AmBlogLeaveComment` mutation in `name` parameter via GraphQL endpoint. The JavaScript code is executed when the victim (administrator) tries to remove the comment from the admin panel.

## Affected versions
< 2.10.5

## Advisory
Update Amasty Blog Pro for Magento 2 to 2.10.5 or newer.

## References
* https://amasty.com/blog-pro-for-magento-2.html

File Snapshot


 [4.0K]  /data/pocs/4162c6006645215634e23ffa7f5a8554d291cac3
└── [ 619]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!