
7 matches found

Cvelist · added 2026/06/24 6:08 p.m. · 27 views

CVE-2026-53946 Ghost: Mobiledoc image-size fetch SSRF

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...

CVSS 5.4 · EPSS 0.00122
Exploits 0 · References 1
CVE · added 2026/01/27 9:57 p.m. · 16 views

CVE-2026-24778

Ghost is vulnerable to an XSS issue via malicious Portal preview links. Affected: Ghost CMS versions 5.43.0–5.12.04 and 6.0.0–6.14.0, plus Portal components 2.29.1–2.51.4 and 2.52.0–2.57.0. Concordant advisories describe that an authenticated staff member or member clicking a crafted link could e...

CVSS 8.8 · AI score 5.9 · EPSS 0.00255
Exploits 0 · References 2 · Affected software 2
Positive Technologies · added 2026/01/27 12:00 a.m. · 8 views

PT-2026-5028

Affected versions: Ghost 5.43.0 through 5.12.04; Ghost 6.0.0 through 6.14.0; Ghost Portal 2.29.1 through 2.51.4; Ghost Portal 2.52.0 through 2.57.0. Description: Ghost is a content management system. An attacker can create a...

CVSS 8.8 · AI score 5.9 · EPSS 0.00255
Exploits 0 · References 12
RedhatCVE · added 2025/05/23 9:43 a.m. · 10 views

CVE-2024-23725

Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries...

CVSS 6.1 · AI score 5.7 · EPSS 0.00436
Exploits 0 · References 1
Positive Technologies · added 2023/01/19 12:00 a.m. · 15 views

PT-2023-15233 · Ghost · Ghost

Affected versions: Ghost 5.9.4. Description: An insecure default issue exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to administrator via XSS. An...

CVSS 9.0 · AI score 7.1 · EPSS 0.00823
Exploits 1 · References 6
Positive Technologies · added 2023/01/19 12:00 a.m. · 10 views

PT-2023-15235 · Ghost Foundation · Ghost

Affected versions: Ghost Foundation Ghost 5.9.4. Description: An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to...

CVSS 9.0 · AI score 7.1 · EPSS 0.00682
Exploits 1 · References 7
Positive Technologies · added 2022/04/12 12:00 a.m. · 5 views

PT-2022-18244 · Ghost · Ghost

Affected versions: Ghost 4.39.0. Description: The issue concerns an arbitrary file upload vulnerability in the file upload module, potentially allowing attackers to execute arbitrary code via a crafted SVG file. However, the vendor states that uploading...

CVSS 9.8 · AI score 8.3 · EPSS 0.0379
Exploits 1 · References 10