5 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. Ghost anterior a 5.76.0 permite XSS a través de un extracto de publicación en excerpt.js. Se puede representar un payload XSS en resúmenes de publicaciones. • https://github.com/TryGhost/Ghost/pull/17190 https://github.com/TryGhost/Ghost/releases/tag/v5.76.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. • https://github.com/0xyassine/CVE-2023-40028 https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205 https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`. • https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90 https://github.com/TryGhost/Ghost/releases/tag/v5.46.1 https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 91%CPEs: 1EXPL: 2

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. • https://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235- https://github.com/AXRoux/Ghost-Path-Traversal-CVE-2023-32235- https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional ** EN DISPUTA ** Una vulnerabilidad de carga de archivos arbitraria en el módulo de carga de archivos de Ghost CMS versión v4.42.0, permite a atacantes ejecutar código arbitrario por medio de un archivo diseñado. NOTA: Según la documentación de seguridad de Ghost, los archivos sólo pueden ser cargados y publicados por usuarios de confianza, esto es intencional • http://ghost.com https://ghost.org/customers https://ghost.org/docs/security/#privilege-escalation-attacks https://github.com/TryGhost/Ghost https://trends.builtwith.com/cms/Ghost https://youtu.be/PncfBetPk2g • CWE-434: Unrestricted Upload of File with Dangerous Type •