CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43409 – Ghost's improper authentication allows access to member information and actions
https://notcve.org/view.php?id=CVE-2024-43409
20 Aug 2024 — Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue. • https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23725
https://notcve.org/view.php?id=CVE-2024-23725
21 Jan 2024 — Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. Ghost anterior a 5.76.0 permite XSS a través de un extracto de publicación en excerpt.js. Se puede representar un payload XSS en resúmenes de publicaciones. • https://github.com/TryGhost/Ghost/pull/17190 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 10CVE-2023-40028 – Arbitrary file read via symlinks in Ghost
https://notcve.org/view.php?id=CVE-2023-40028
15 Aug 2023 — Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. • https://packetstorm.news/files/id/183344 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31133 – Ghost vulnerable to disclosure of private API fields
https://notcve.org/view.php?id=CVE-2023-31133
08 May 2023 — Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below... • https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 93%CPEs: 1EXPL: 2CVE-2023-32235
https://notcve.org/view.php?id=CVE-2023-32235
05 May 2023 — Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. • https://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235- • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 3CVE-2022-47197
https://notcve.org/view.php?id=CVE-2022-47197
19 Jan 2023 — An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_foot` for a post. Existe una vulnerabi... • https://github.com/miguelc49/CVE-2022-47197-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-453: Insecure Default Variable Initialization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47196
https://notcve.org/view.php?id=CVE-2022-47196
19 Jan 2023 — An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_head` for a post. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1686 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47195
https://notcve.org/view.php?id=CVE-2022-47195
19 Jan 2023 — An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `facebook` field for a user. Existe una vulnerabilida... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1686 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-453: Insecure Default Variable Initialization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47194
https://notcve.org/view.php?id=CVE-2022-47194
19 Jan 2023 — An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `twitter` field for a user. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1686 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-41697
https://notcve.org/view.php?id=CVE-2022-41697
22 Dec 2022 — A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1625 • CWE-204: Observable Response Discrepancy •