Vulnerabilities > Ghost

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-01-19 | CVE-2022-47195 | Cross-site Scripting vulnerability in Ghost 5.9.4 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | network; low complexity; ghost CWE-79; 5.4 |
| 2023-01-19 | CVE-2022-47196 | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | network; low complexity; ghost CWE-1188; 5.4 |
| 2023-01-19 | CVE-2022-47197 | Cross-site Scripting vulnerability in Ghost 5.9.4 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | network; low complexity; ghost CWE-79; 5.4 |
| 2022-12-22 | CVE-2022-41654 | Unspecified vulnerability in Ghost | An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. | network; low complexity; ghost; 4.3 |
| 2022-12-22 | CVE-2022-41697 | Unspecified vulnerability in Ghost 5.9.4 | A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. | network; low complexity; ghost; 5.3 |
| 2022-05-01 | CVE-2022-21227 | Unspecified vulnerability in Ghost Sqlite3 | The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS), which will invoke the toString function of the passed parameter. | network; low complexity; ghost; 7.5 |
| 2022-04-12 | CVE-2022-27139 | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.39.0 | An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. | network; low complexity; ghost CWE-434; critical; 9.8 |
| 2022-04-12 | CVE-2022-28397 | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.42.0 | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. | network; low complexity; ghost CWE-434; critical; 9.8 |
| 2021-09-03 | CVE-2021-39192 | Improper Privilege Management vulnerability in Ghost | Ghost is a Node.js content management system. | network; low complexity; ghost CWE-269; 7.2 |
| 2020-03-20 | CVE-2020-8134 | Server-Side Request Forgery (SSRF) vulnerability in Ghost | Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. | network; low complexity; ghost CWE-918; 8.1 |