5.9 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
github.com/TryGhost/Ghost/pull/17190
github.com/TryGhost/Ghost/releases/tag/v5.76.0