关联漏洞
标题:Amasty Blog 跨站脚本漏洞 (CVE-2022-36433)Description:Amasty Blog是Amasty公司的一个网站页面扩展。 Amasty Blog Pro for Magento 2.10.5之前版本存在安全漏洞,该漏洞源于博客文章创建功能允许在short_content和full_content字段中注入JavaScript代码,从而导致对管理面板用户进XSS攻击。
Description
Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2
介绍
# CVE-2022-36433
Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2
## Description
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the `short_content` and `full_content` fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.
Vulnerable endpoints which are the injection points for the parameters mentioned above:
* POST /admin/amasty_blog/posts/preview/key/{some_key}/?isAjax=true
* POST /admin/amasty_blog/posts/save/key/{some_key}/back/edit
## Affected versions
< 2.10.5
## Advisory
Update Amasty Blog Pro for Magento 2 to 2.10.5 or newer.
## References
* https://amasty.com/blog-pro-for-magento-2.html
文件快照
[4.0K] /data/pocs/5989dc48e8b36707e1b7257b3809953d319d4b58
└── [ 769] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。