Lucene search
PRIOn knowledge basePRION:CVE-2022-47194HistoryJan 19, 2023 - 6:15 p.m.
Cross site scripting
2023-01-1918:15:00
PRIOn knowledge base
www.prio-n.com
5
ghost foundation
insecure default
cross site scripting
privilege escalation
stored xss
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the twitter field for a user.
Related
osv
osv
BIT-ghost-2022-47194
2024-03-06 10:53:22
CVE-2022-47194
2023-01-19 18:15:13
cve
cve
CVE-2022-47194
2023-01-19 18:15:13
nvd
nvd
CVE-2022-47194
2023-01-19 18:15:13
cvelist
cvelist
CVE-2022-47194
2023-01-19 17:02:10
talosblog
talosblog
Vulnerability Spotlight: XSS vulnerability in Ghost CMS
2023-01-19 20:01:53
talos
talos