4 matches found
CVE-2022-47197
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...
CVE-2022-47197
CVE-2022-47197 affects Ghost Foundation Ghost 5.9.4. A stored XSS vulnerability exists in the codeinjection_foot of a post, allowing non-administrator users to inject arbitrary JavaScript which can escalate to administrator privileges when an admin visits the post. Triggered via an HTTP request i...
CVE-2022-47197
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...
Ghost Foundation Ghost Post Creation insecure default installation vulnerability
Talos Vulnerability Report TALOS-2022-1686 Ghost Foundation Ghost Post Creation insecure default installation vulnerability January 19, 2023 CVE Number CVE-2022-47197,CVE-2022-47195,CVE-2022-47194,CVE-2022-47196 SUMMARY An insecure default vulnerability exists in the Post Creation functionality o...