Ghost

Ghost

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2022-47195

Exploit
  • EPSS 0.37%
  • Veröffentlicht 19.01.2023 18:15:14
  • Zuletzt bearbeitet 04.11.2025 20:16:14

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to adm...

5.4

CVE-2022-47194

Exploit
  • EPSS 0.46%
  • Veröffentlicht 19.01.2023 18:15:13
  • Zuletzt bearbeitet 04.11.2025 20:16:13

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to adm...

5.3

CVE-2022-41697

Exploit
  • EPSS 24.28%
  • Veröffentlicht 22.12.2022 10:15:10
  • Zuletzt bearbeitet 21.11.2024 07:23:40

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vul...

4.3

CVE-2022-41654

Exploit
  • EPSS 0.26%
  • Veröffentlicht 22.12.2022 10:15:10
  • Zuletzt bearbeitet 21.11.2024 07:23:34

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulner...

9.8

CVE-2022-28397

Exploit
  • EPSS 4.03%
  • Veröffentlicht 12.04.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:57:17

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and pub...

9.8

CVE-2022-27139

Exploit
  • EPSS 6.06%
  • Veröffentlicht 12.04.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:55:13

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possib...

7.2

CVE-2021-39192

  • EPSS 0.53%
  • Veröffentlicht 03.09.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:18:50

Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint...

4.3

CVE-2021-29484

Exploit
  • EPSS 82%
  • Veröffentlicht 29.04.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:01:14

Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious cod...

8.1

CVE-2020-8134

Exploit
  • EPSS 0.3%
  • Veröffentlicht 20.03.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:38:21

Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.

6.5

CVE-2016-10983

Exploit
  • EPSS 0.56%
  • Veröffentlicht 17.09.2019 15:15:12
  • Zuletzt bearbeitet 21.11.2024 02:45:13

The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.