Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 12:6 a.m.11 views

CVE-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

9CVSS6AI score0.01024EPSS
Exploits1
CVE
CVE
added 2023/01/19 5:2 p.m.57 views

CVE-2022-47197

CVE-2022-47197 affects Ghost Foundation Ghost 5.9.4. A stored XSS vulnerability exists in the codeinjection_foot of a post, allowing non-administrator users to inject arbitrary JavaScript which can escalate to administrator privileges when an admin visits the post. Triggered via an HTTP request i...

9CVSS5.4AI score0.01024EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/01/19 5:2 p.m.26 views

CVE-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

9CVSS5.9AI score0.01024EPSS
Exploits1References4
Talos
Talos
added 2023/01/19 12:0 a.m.59 views

Ghost Foundation Ghost Post Creation insecure default installation vulnerability

Talos Vulnerability Report TALOS-2022-1686 Ghost Foundation Ghost Post Creation insecure default installation vulnerability January 19, 2023 CVE Number CVE-2022-47197,CVE-2022-47195,CVE-2022-47194,CVE-2022-47196 SUMMARY An insecure default vulnerability exists in the Post Creation functionality o...

9CVSS6.1AI score0.01024EPSS
Exploits4
Rows per page
Query Builder