Lucene search
K

5 matches found

OSV
OSV
added 2026/02/03 8:40 a.m.6 views

BIT-GHOST-2026-24778 Ghost vulnerable to XSS via malicious Portal preview links

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

8.8CVSS5.6AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/01/28 4:11 p.m.4 views

GHSA-GV6Q-2M97-882H Ghost vulnerable to XSS via malicious Portal preview links

Impact An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions This vulnerability is present in Ghost versions: - v5.43.0 to...

8.8CVSS6AI score0.00255EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/28 4:11 p.m.12 views

Ghost vulnerable to XSS via malicious Portal preview links

Impact An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions This vulnerability is present in Ghost versions: - v5.43.0 to...

8.8CVSS6AI score0.00255EPSS
Exploits0References4Affected Software2
Snyk
Snyk
added 2026/01/27 10:49 p.m.3 views

Cross-site Scripting (XSS)

Overview @tryghost/portal is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Portal preview links, an attacker could craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions,...

8.8CVSS5.8AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/01/27 9:57 p.m.17 views

CVE-2026-24778

Ghost is vulnerable to an XSS issue via malicious Portal preview links. Affected: Ghost CMS versions 5.43.0–5.12.04 and 6.0.0–6.14.0, plus Portal components 2.29.1–2.51.4 and 2.52.0–2.57.0. Concordant advisories describe that an authenticated staff member or member clicking a crafted link could e...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder