Vulnerabilities > Ghost > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-43409 | Improper Authentication vulnerability in Ghost Ghost is a Node.js content management system. | 6.5 |
| 2024-01-21 | CVE-2024-23725 | Cross-site Scripting vulnerability in Ghost Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. | 6.1 |
| 2023-08-15 | CVE-2023-40028 | Link Following vulnerability in Ghost Ghost is an open source content management system. | 6.5 |
| 2023-04-11 | CVE-2020-24736 | Classic Buffer Overflow vulnerability in Ghost Sqlite3 3.27.1 Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. | 5.5 |
| 2023-03-05 | CVE-2023-26510 | Missing Authorization vulnerability in Ghost 5.35.0 Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. | 5.7 |
| 2023-01-19 | CVE-2022-47194 | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
| 2023-01-19 | CVE-2022-47195 | Cross-site Scripting vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
| 2023-01-19 | CVE-2022-47196 | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
| 2023-01-19 | CVE-2022-47197 | Cross-site Scripting vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
| 2022-12-22 | CVE-2022-41697 | Response Discrepancy Information Exposure vulnerability in Ghost 5.9.4 A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. | 5.3 |