CVE-2026-53946 Ghost: Mobiledoc image-size fetch SSRF
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...
CVE-2026-24778
Ghost is vulnerable to an XSS issue via malicious Portal preview links. Affected: Ghost CMS versions 5.43.0–5.12.04 and 6.0.0–6.14.0, plus Portal components 2.29.1–2.51.4 and 2.52.0–2.57.0. Concordant advisories describe that an authenticated staff member or member clicking a crafted link could e...
PT-2026-5028
Name of the Vulnerable Software and Affected Versions: Ghost versions 5.43.0 through 5.12.04; Ghost versions 6.0.0 through 6.14.0; Ghost Portal versions 2.29.1 through 2.51.4; Ghost Portal versions 2.52.0 through 2.57.0. Description: Ghost is a content management system. An attacker can create a...
CVE-2024-23725
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries...
PT-2023-15233 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions 5.9.4 Description: An insecure default issue exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to administrator via XSS. An...
PT-2023-15235 · Ghost Foundation · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost Foundation Ghost version 5.9.4 Description: An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to...
PT-2022-18244 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost version 4.39.0 Description: The issue concerns an arbitrary file upload vulnerability in the file upload module, potentially allowing attackers to execute arbitrary code via a crafted SVG file. However, the vendor states that uploading...