Vulnerabilities > Ghost > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-11 | CVE-2024-23724 | Cross-site Scripting vulnerability in Ghost. Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. | 9.0 |
2023-03-16 | CVE-2022-43441 | Improper Control of Dynamically-Managed Code Resources vulnerability in Ghost Sqlite3. A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. | 9.8 |
2022-04-12 | CVE-2022-27139 | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.39.0. An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 |
2022-04-12 | CVE-2022-28397 | Unrestricted Upload of File with Dangerous Type vulnerability in Ghost 4.42.0. An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. | 9.8 |