Vulnerabilities > Ghost > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-08-20 | CVE-2024-43409 | Improper Authentication vulnerability in Ghost | Ghost is a Node.js content management system. | network | low | ghost | CWE-287 | 6.5 |
| 2024-01-21 | CVE-2024-23725 | Cross-site Scripting vulnerability in Ghost | Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. | network | low | ghost | CWE-79 | 6.1 |
| 2023-08-15 | CVE-2023-40028 | Link Following vulnerability in Ghost | Ghost is an open source content management system. | network | low | ghost | CWE-59 | 6.5 |
| 2023-04-11 | CVE-2020-24736 | Classic Buffer Overflow vulnerability in Ghost Sqlite3 3.27.1 | Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. | local | low | ghost | CWE-120 | 5.5 |
| 2023-03-05 | CVE-2023-26510 | Missing Authorization vulnerability in Ghost 5.35.0 | Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. | network | low | ghost | CWE-862 | 5.7 |
| 2023-01-19 | CVE-2022-47194 | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | network | low | ghost | CWE-1188 | 5.4 |
| 2023-01-19 | CVE-2022-47195 | Cross-site Scripting vulnerability in Ghost 5.9.4 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | network | low | ghost | CWE-79 | 5.4 |
| 2023-01-19 | CVE-2022-47196 | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | network | low | ghost | CWE-1188 | 5.4 |
| 2023-01-19 | CVE-2022-47197 | Cross-site Scripting vulnerability in Ghost 5.9.4 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | network | low | ghost | CWE-79 | 5.4 |
| 2022-12-22 | CVE-2022-41654 | Unspecified vulnerability in Ghost | An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. | network | low | ghost | | 4.3 |