Ghost Foundation Security Vulnerabilities


CVE-2024-34559

Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through...

7.5 CVSS

7.6 AI Score

0.0004 EPSS

2024-05-14 03:39 PM

CVE-2022-47194

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2023-01-19 06:15 PM

CVE-2022-47196

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2023-01-19 06:15 PM

CVE-2022-43441

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted JavaScript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this...

9.8 CVSS

9.5 AI Score

0.003 EPSS

2023-03-16 09:15 PM

CVE-2022-47195

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2023-01-19 06:15 PM

CVE-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2023-01-19 06:15 PM

CVE-2022-41654

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this...

4.3 CVSS

4.7 AI Score

0.0004 EPSS

2022-12-22 10:15 AM

CVE-2022-41697

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this...

5.3 CVSS

5 AI Score

0.002 EPSS

2022-12-22 10:15 AM