GHSA-GV6Q-2M97-882H Ghost vulnerable to XSS via malicious Portal preview links
Impact An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions This vulnerability is present in Ghost versions: - v5.43.0 to...