Vulnerabilities > Ghost > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-01 CVE-2022-21227 Unspecified vulnerability in Ghost Sqlite3
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter.
network
low complexity
ghost
5.0
2021-09-03 CVE-2021-39192 Improper Privilege Management vulnerability in Ghost
Ghost is a Node.js content management system.
network
low complexity
ghost CWE-269
6.5
2021-04-29 CVE-2021-29484 Cross-site Scripting vulnerability in Ghost
Ghost is a Node.js CMS.
network
ghost CWE-79
4.3
2020-03-20 CVE-2020-8134 Server-Side Request Forgery (SSRF) vulnerability in Ghost
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.
network
low complexity
ghost CWE-918
5.5
2019-09-17 CVE-2016-10983 Improper Authentication vulnerability in Ghost
The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.
network
low complexity
ghost CWE-287
4.0