Ghost is vulnerable to CSV Injection. The vulnerability is due to inadequate input sanitization during member CSV export, allowing malicious content to be injected into CSV files, and executed when opened by a spreadsheet application.
CPE | Name | Operator | Version |
---|---|---|---|
@tryghost/members-csv | le | 1.2.16 | |
ghost | le | 5.81.1 | |
@tryghost/members-csv | le | 1.2.16 | |
ghost | le | 5.81.1 |