2 matches found
Ghost CMS 4.3.2 - Cross-Origin Admin Takeover
Ghost is one of the most popular Node.js-based Content Management Systems CMS. According to the vendor, there are currently more than 2.5 million installs of it and the project has more than 38k stars on GitHub. During our research on open-source applications, we analyzed the code and found a...
CVE-2021-29484
Ghost CMS vulnerable影 DOM-based XSS (CVE-2021-29484) affecting Ghost 4.0.0 to 4.3.2 via an unused /ghost/preview endpoint. The admin frontend’s theme preview listens for postMessage without origin validation, allowing a logged-in admin to be compromised when visiting a malicious site. A fix was a...