6 matches found
PT-2026-6335
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...
CVE-2023-40028
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can...
EUVD-2021-1159
Malware in sbrugna...
CVE-2021-29484
Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and m...
Exploit for Path Traversal in Ghost
CVE-2023-4002 Ghost-Arbitrary-File-Read : The username/email...
Exploit for Path Traversal in Ghost
Proof of Concept PoC for CVE-2023-40028 CVE-2023-40028 is a...