10 matches found
PT-2026-24603
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
CVE-2026-29784
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
CVE-2026-29784
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
CVE-2026-29784 Ghost: Incomplete CSRF protections around OTC use
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
CVE-2026-29784
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
CVE-2026-29784 Ghost: Incomplete CSRF protections around OTC use
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
CVE-2026-29784 Ghost: Incomplete CSRF protections around OTC use
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
Cross-site Request Forgery (CSRF)
Overview ghost is a publishing platform Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the /session/verify component. An attacker can gain unauthorized access to user sessions by exploiting incomplete protections, potentially allowing takeover of site...
PT-2026-23607
Name of the Vulnerable Software and Affected Versions Ghost versions 5.101.6 through 6.19.2 Description Incomplete CSRF protections around the /session/verify API endpoint allowed the use of One-Time Codes OTCs in login sessions different from the requesting session. This could potentially allow...
thinksaas最新版xss2
简要描述: 详细说明: \app\group\action\add.php // 执行发布帖子 case "do" : if $POST 'token' != $SESSION 'token' tsNotice '非法操作!' ; $authcode = strtolower $POST 'authcode' ; if $TSSITE 'base' 'isauthcode' if $authcode != $SESSION 'verify' tsNotice "验证码输入有误,请重新输入!" ; $groupid = intval $POST 'groupid' ; $title =...