Vulnerabilities > Ghost > Ghost > 4.42.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-21 | CVE-2024-23725 | Cross-site Scripting vulnerability in Ghost Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. | 6.1 |
| 2023-08-15 | CVE-2023-40028 | Link Following vulnerability in Ghost Ghost is an open source content management system. | 6.5 |
| 2023-05-08 | CVE-2023-31133 | Unspecified vulnerability in Ghost Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. | 7.5 |
| 2023-05-05 | CVE-2023-32235 | Path Traversal vulnerability in Ghost Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. | 7.5 |
| 2022-04-12 | CVE-2022-28397 | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.42.0 An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. | 9.8 |