CVE-2022-41697

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVE-2022-41697

CVE-2022-41697 affects Ghost CMS 5.9.4, where the login flow returns distinct error messages that allow attacker-driven user enumeration. The Nuclei template and related sources confirm a vulnerability in Ghost’s authentication, enabling an attacker to determine valid usernames/emails via special...

CVE-2022-41697

creationtimestamp| type| source ---|---|--- 2022-12-22 12:13:32+00:00| seen| https://t.me/cibsecurity/55107 2026-01-20 14:01:28+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-41697.yaml 2026-01-21 21:03:00+00:00| seen|...

Two New Security Flaws Reported in Ghost CMS Blogging Software

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Ghost is an open source blogging platform that's used in more than 52,600 live websites, mos...