3 matches found
Two New Security Flaws Reported in Ghost CMS Blogging Software
Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Ghost is an open source blogging platform that's used in more than 52,600 live websites, mos...
Improper Access Control
ghost is vulnerable to improper access control. An unprivileged member has the ability to view and change unintended newsletter settings due to improper validation for nested objects in Memebers API...
GHSA-9GH8-WP53-CCC6 ghost vulnerable to unauthorized newsletter modification via improper access controls
Impact On sites where members is enabled this is the default it is possible for members unprivileged users to make changes to newsletter settings. This gives unprivileged users the ability to view and change settings they were not intended to have access to. They are not able to escalate their...