5 matches found
BIT-GHOST-2026-24778 Ghost vulnerable to XSS via malicious Portal preview links
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...
GHSA-GV6Q-2M97-882H Ghost vulnerable to XSS via malicious Portal preview links
Impact An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions This vulnerability is present in Ghost versions: - v5.43.0 to...
Ghost vulnerable to XSS via malicious Portal preview links
Impact An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions This vulnerability is present in Ghost versions: - v5.43.0 to...
Cross-site Scripting (XSS)
Overview @tryghost/portal is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Portal preview links, an attacker could craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions,...
CVE-2026-24778
Ghost is vulnerable to an XSS issue via malicious Portal preview links. Affected: Ghost CMS versions 5.43.0–5.12.04 and 6.0.0–6.14.0, plus Portal components 2.29.1–2.51.4 and 2.52.0–2.57.0. Concordant advisories describe that an authenticated staff member or member clicking a crafted link could e...