Vulnerabilities > Ghost > Ghost > 5.9.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-21 | CVE-2024-23725 | Cross-site Scripting vulnerability in Ghost Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. | 6.1 |
2023-08-15 | CVE-2023-40028 | Link Following vulnerability in Ghost Ghost is an open source content management system. | 6.5 |
2023-05-08 | CVE-2023-31133 | Unspecified vulnerability in Ghost Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. | 7.5 |
2023-05-05 | CVE-2023-32235 | Path Traversal vulnerability in Ghost Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. | 7.5 |
2023-01-19 | CVE-2022-47194 | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
2023-01-19 | CVE-2022-47195 | Cross-site Scripting vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
2023-01-19 | CVE-2022-47196 | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
2023-01-19 | CVE-2022-47197 | Cross-site Scripting vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
2022-12-22 | CVE-2022-41697 | Response Discrepancy Information Exposure vulnerability in Ghost 5.9.4 A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. | 5.3 |