CVE-2026-24778

Ghost is vulnerable to an XSS issue via malicious Portal preview links. Affected: Ghost CMS versions 5.43.0–5.12.04 and 6.0.0–6.14.0, plus Portal components 2.29.1–2.51.4 and 2.52.0–2.57.0. Concordant advisories describe that an authenticated staff member or member clicking a crafted link could e...

PT-2026-5028

Name of the Vulnerable Software and Affected Versions Ghost versions 5.43.0 through 5.12.04 Ghost versions 6.0.0 through 6.14.0 Ghost Portal versions 2.29.1 through 2.51.4 Ghost Portal versions 2.52.0 through 2.57.0 Description Ghost is a content management system. An attacker can create a...

CVE-2024-23725

Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries...

PT-2023-15235 · Ghost Foundation · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost Foundation Ghost version 5.9.4 Description: An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary Javascript in posts. This enables privilege escalation to...

PT-2023-15233 · Ghost · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost versions 5.9.4 Description: An insecure default issue exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary Javascript in posts. This enables privilege escalation to administrator via XSS. An...

PT-2022-18244 · Ghost · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost version 4.39.0 Description: The issue concerns an arbitrary file upload vulnerability in the file upload module, potentially allowing attackers to execute arbitrary code via a crafted SVG file. However, the vendor states that uploading...