cbcvebase.

Ghost Foundation Ghost vulnerabilities

7 known vulnerabilities affecting ghost_foundation/ghost.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM6

Vulnerabilities

Page 1 of 1
CVE-2022-41697P3MEDIUMCVSS 5.3PoCv5.9.42022-12-22
CVE-2022-41697 [MEDIUM] CWE-204 CVE-2022-41697: A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.
nvd
CVE-2024-34559P3HIGHCVSS 7.5≥ n/a, ≤ 1.4.02024-05-14
CVE-2024-34559 [HIGH] CWE-532 CVE-2024-34559: Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.This issue affects Ghost: from n/a through 1.4.0.
nvd
CVE-2022-41654P3MEDIUMCVSS 4.3v5.9.42022-12-22
CVE-2022-41654 [MEDIUM] CWE-284 CVE-2022-41654: An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-47197P4MEDIUMCVSS 5.4v5.9.42023-01-19
CVE-2022-47197 [MEDIUM] CWE-453 CVE-2022-47197: An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghos An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Jav
nvd
CVE-2022-47194P4MEDIUMCVSS 5.4v5.9.42023-01-19
CVE-2022-47194 [MEDIUM] CWE-453 CVE-2022-47194: An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghos An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Jav
nvd
CVE-2022-47196P4MEDIUMCVSS 5.4v5.9.42023-01-19
CVE-2022-47196 [MEDIUM] CWE-453 CVE-2022-47196: An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghos An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Jav
nvd
CVE-2022-47195P4MEDIUMCVSS 5.4v5.9.42023-01-19
CVE-2022-47195 [MEDIUM] CWE-453 CVE-2022-47195: An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghos An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Jav
nvd
Ghost Foundation Ghost vulnerabilities | cvebase