Security News > 2022 > December > Ghost CMS vulnerable to critical authentication bypass flaw

Ghost CMS vulnerable to critical authentication bypass flaw

2022-12-23 08:12

A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript. [...]

News URL

https://www.bleepingcomputer.com/news/security/ghost-cms-vulnerable-to-critical-authentication-bypass-flaw/

#authentication #bypass #CMS #critical

Related news

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
GitLab patches critical authentication bypass vulnerabilities (source)
Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (source)
PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) (source)
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication (source)
Juniper patches critical auth bypass in Session Smart routers (source)
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
Critical flaw in Next.js lets hackers bypass authorization (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Ghost		2	0	12	5	4	21

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.