EUVD-2022-7303
Malicious code in bioql PyPI...
EUVD-2022-49972
Malicious code in bioql PyPI...
CVE-2022-47196
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...
CVE-2022-47197
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...
Cross site scripting
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...
CVE-2022-47196
CVE-2022-47196 affects Ghost Foundation Ghost 5.9.4. A stored XSS vulnerability exists in the post creation feature: non-administrator users can inject arbitrary JavaScript via the post’s codeinjection_head, potentially escalating privileges to administrator when an admin views the post. The issu...
CVE-2022-47195
CVE-2022-47195 affects Ghost Foundation Ghost 5.9.4. The issue is an insecure default in Post Creation that allows non-administrator users to inject arbitrary JavaScript into posts, enabling privilege escalation to administrator via XSS. A stored XSS vulnerability is also described in the user’s ...
CVE-2022-47194
CVE-2022-47194 affects Ghost Foundation Ghost 5.9.4. A stored XSS flaw exists in the Post Creation workflow and in the user’s twitter field, enabling non-administrator users to inject JavaScript into posts which can escalate to administrator privileges when the affected post is viewed. Exploitati...
CVE-2022-41697
CVE-2022-41697 affects Ghost CMS 5.9.4, where the login flow returns distinct error messages that allow attacker-driven user enumeration. The Nuclei template and related sources confirm a vulnerability in Ghost’s authentication, enabling an attacker to determine valid usernames/emails via special...
CVE-2022-41654
CVE-2022-41654 affects Ghost Foundation Ghost 5.9.4. Cisco Talos details an authentication bypass in the newsletter subscription feature, enabling an unauthenticated or minimal-auth attacker to manipulate newsletters via the /members/api/member/ endpoint, potentially creating or modifying newslet...
CVE-2022-41697
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability...