Ghost

30 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.17%
  • Published 22.05.2024 16:15:10
  • Last modified 18.04.2025 14:48:08

Ghost before 5.82.0 allows CSV Injection during a member CSV export.

  • EPSS 0.73%
  • Published 14.05.2024 15:39:23
  • Last modified 21.11.2024 09:18:56

Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through 1.4.0.

Exploit
  • EPSS 45.26%
  • Published 11.02.2024 01:15:08
  • Last modified 21.11.2024 08:58:14

Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The disco...

  • EPSS 0.11%
  • Published 21.01.2024 04:15:19
  • Last modified 30.05.2025 15:15:37

Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.

  • EPSS 78.6%
  • Published 15.08.2023 18:15:10
  • Last modified 21.11.2024 08:18:33

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the ...

  • EPSS 18.32%
  • Published 08.05.2023 21:15:11
  • Last modified 21.11.2024 08:01:27

Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is p...

  • EPSS 94.09%
  • Published 05.05.2023 05:15:09
  • Last modified 29.01.2025 17:15:26

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.

  • EPSS 0.11%
  • Published 05.03.2023 22:15:08
  • Last modified 21.11.2024 07:51:38

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendo...

Exploit
  • EPSS 1.32%
  • Published 19.01.2023 18:15:14
  • Last modified 04.11.2025 20:16:14

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to adm...

Exploit
  • EPSS 0.37%
  • Published 19.01.2023 18:15:14
  • Last modified 04.11.2025 20:16:14

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to adm...