4 matches found
CVE-2022-47196
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...
CVE-2022-47196
CVE-2022-47196 affects Ghost Foundation Ghost 5.9.4. A stored XSS vulnerability exists in the post creation feature: non-administrator users can inject arbitrary JavaScript via the post’s codeinjection_head, potentially escalating privileges to administrator when an admin views the post. The issu...
CVE-2022-47196
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...
Ghost Foundation Ghost Post Creation insecure default installation vulnerability
Talos Vulnerability Report TALOS-2022-1686 Ghost Foundation Ghost Post Creation insecure default installation vulnerability January 19, 2023 CVE Number CVE-2022-47197,CVE-2022-47195,CVE-2022-47194,CVE-2022-47196 SUMMARY An insecure default vulnerability exists in the Post Creation functionality o...