Ghost
CVE-2024-23724
CRITICAL
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."
AnalysisAI
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector." Affected products include: Ghost. Version information: through 5.76.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitr
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X
Ghost before 5.82.0 allows CSV Injection during a member CSV export. Rated high severity (CVSS 8.8), this vulnerability
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external netw
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2
Ghost is a Node.js CMS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication
Ghost is an open source content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.0.0 through 6.
Web cache poisoning in the Ghost Node.js CMS before 6.37.0 lets an unauthenticated attacker inject an x-ghost-preview he
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. Rated medium severit
Ghost is an open source content management system. [CVSS 8.8 HIGH]
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today