Vulnerabilities > Ghost
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-19 | CVE-2022-47195 | Cross-site Scripting vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
| 2023-01-19 | CVE-2022-47196 | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
| 2023-01-19 | CVE-2022-47197 | Cross-site Scripting vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
| 2022-12-22 | CVE-2022-41654 | Improper Access Control vulnerability in Ghost An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. | 4.3 |
| 2022-12-22 | CVE-2022-41697 | Response Discrepancy Information Exposure vulnerability in Ghost 5.9.4 A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. | 5.3 |
| 2022-05-01 | CVE-2022-21227 | Unspecified vulnerability in Ghost Sqlite3 The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. | 7.5 |
| 2022-04-12 | CVE-2022-27139 | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.39.0 An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 |
| 2022-04-12 | CVE-2022-28397 | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.42.0 An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. | 9.8 |
| 2021-09-03 | CVE-2021-39192 | Improper Privilege Management vulnerability in Ghost Ghost is a Node.js content management system. | 7.2 |
| 2021-04-29 | CVE-2021-29484 | Cross-site Scripting vulnerability in Ghost Ghost is a Node.js CMS. | 6.8 |