3 matches found
ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2024-23725 via ghost (>=0.11.14 <=1.26.2)
ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2024-23725 Source advisory: OSV:GHSA-FH38-9FGR-454W...
CVE-2024-23725
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries...
CVE-2024-23725
CVE-2024-23725 affects Ghost prior to 5.76.0. The vulnerability is an XSS in post excerpts processed by excerpt.js, allowing an attacker to craft payloads rendered in post summaries. Public references in connected sources corroborate the XSS in Ghost and point to the fixed version 5.76.0 (release...