Search criteria
77 vulnerabilities found for ghost by ghost
CVE-2026-22595 (GCVE-0-2026-22595)
Vulnerability from nvd – Published: 2026-01-10 02:57 – Updated: 2026-01-12 17:51
VLAI?
Title
Ghost has Staff Token permission bypass
Summary
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
Severity ?
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T17:51:33.104312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:51:41.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.11.0"
},
{
"status": "affected",
"version": "\u003e= 5.121.0, \u003c 5.130.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:57:08.131Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3"
}
],
"source": {
"advisory": "GHSA-9xg7-mwmp-xmjx",
"discovery": "UNKNOWN"
},
"title": "Ghost has Staff Token permission bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22595",
"datePublished": "2026-01-10T02:57:08.131Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-01-12T17:51:41.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22596 (GCVE-0-2026-22596)
Vulnerability from nvd – Published: 2026-01-10 02:57 – Updated: 2026-01-12 17:37
VLAI?
Title
Ghost has SQL Injection in Members Activity Feed
Summary
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0.
Severity ?
6.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T17:37:34.204877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:37:41.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.11.0"
},
{
"status": "affected",
"version": "\u003e= 5.90.0, \u003c 5.130.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:57:19.792Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-gjrp-xgmh-x9qq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-gjrp-xgmh-x9qq"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/cda236e455a7a30e828b6cba3c430e5796ded955",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/cda236e455a7a30e828b6cba3c430e5796ded955"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/f2165f968bcdaae0e35590b38fa280ab03239391",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/f2165f968bcdaae0e35590b38fa280ab03239391"
}
],
"source": {
"advisory": "GHSA-gjrp-xgmh-x9qq",
"discovery": "UNKNOWN"
},
"title": "Ghost has SQL Injection in Members Activity Feed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22596",
"datePublished": "2026-01-10T02:57:19.792Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-01-12T17:37:41.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22594 (GCVE-0-2026-22594)
Vulnerability from nvd – Published: 2026-01-10 02:56 – Updated: 2026-01-12 17:53
VLAI?
Title
Ghost has Staff 2FA bypass
Summary
Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
Severity ?
8.1 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T17:53:47.818587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:53:57.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.11.0"
},
{
"status": "affected",
"version": "\u003e= 5.105.0, \u003c 5.130.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:56:47.226Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07"
}
],
"source": {
"advisory": "GHSA-5fp7-g646-ccf4",
"discovery": "UNKNOWN"
},
"title": "Ghost has Staff 2FA bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22594",
"datePublished": "2026-01-10T02:56:47.226Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-01-12T17:53:57.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22597 (GCVE-0-2026-22597)
Vulnerability from nvd – Published: 2026-01-10 02:57 – Updated: 2026-01-12 16:23
VLAI?
Title
Ghost has SSRF via External Media Inliner
Summary
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:33:44.786773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T16:23:47.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.11.0"
},
{
"status": "affected",
"version": "\u003e= 5.38.0, \u003c 5.130.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u2019s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:57:36.898Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51"
}
],
"source": {
"advisory": "GHSA-vmc4-9828-r48r",
"discovery": "UNKNOWN"
},
"title": "Ghost has SSRF via External Media Inliner"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22597",
"datePublished": "2026-01-10T02:57:36.898Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-01-12T16:23:47.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9862 (GCVE-0-2025-9862)
Vulnerability from nvd – Published: 2025-09-17 15:02 – Updated: 2025-09-17 15:42
VLAI?
Title
Ghost 6.0.6 - SSRF via oEmbed Bookmark
Summary
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9862",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T15:42:29.239311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T15:42:32.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://fluidattacks.com/advisories/regida"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Ghost",
"vendor": "Ghost",
"versions": [
{
"lessThanOrEqual": "6.0.8",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.130.3",
"status": "affected",
"version": "5.99.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "6.0.8",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "5.130.3",
"versionStartIncluding": "5.99.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.\u003cp\u003eThis issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T15:02:01.533Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/advisories/regida"
},
{
"tags": [
"product"
],
"url": "https://github.com/TryGhost/Ghost"
},
{
"tags": [
"patch"
],
"url": "https://github.com/TryGhost/Ghost/releases/tag/v6.0.9"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ghost 6.0.6 - SSRF via oEmbed Bookmark",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2025-9862",
"datePublished": "2025-09-17T15:02:01.533Z",
"dateReserved": "2025-09-02T17:46:31.153Z",
"dateUpdated": "2025-09-17T15:42:32.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43409 (GCVE-0-2024-43409)
Vulnerability from nvd – Published: 2024-08-20 15:05 – Updated: 2024-09-03 14:58
VLAI?
Title
Ghost's improper authentication allows access to member information and actions
Summary
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
Severity ?
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghost",
"vendor": "ghost",
"versions": [
{
"lessThan": "5.89.5",
"status": "affected",
"version": "4.46.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:32:40.578943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:58:35.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.46.0 \u003c 5.89.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T15:05:04.338Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db"
}
],
"source": {
"advisory": "GHSA-78x2-cwp9-5j42",
"discovery": "UNKNOWN"
},
"title": "Ghost\u0027s improper authentication allows access to member information and actions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43409",
"datePublished": "2024-08-20T15:05:04.338Z",
"dateReserved": "2024-08-12T18:02:04.966Z",
"dateUpdated": "2024-09-03T14:58:35.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34451 (GCVE-0-2024-34451)
Vulnerability from nvd – Published: 2024-06-16 00:00 – Updated: 2024-08-20 16:51 Disputed
VLAI?
Summary
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ghost.org/docs/faq/proxying-https-infinite-loops/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TryGhost/Ghost/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ghost:ghost:5.85.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghost",
"vendor": "ghost",
"versions": [
{
"lessThanOrEqual": "5.85.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34451",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T16:44:00.831709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T16:51:00.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor\u0027s position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-16T21:16:52.640925",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ghost.org/docs/faq/proxying-https-infinite-loops/"
},
{
"url": "https://github.com/TryGhost/Ghost/releases"
},
{
"url": "https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34451",
"datePublished": "2024-06-16T00:00:00",
"dateReserved": "2024-05-03T00:00:00",
"dateUpdated": "2024-08-20T16:51:00.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34448 (GCVE-0-2024-34448)
Vulnerability from nvd – Published: 2024-05-22 16:01 – Updated: 2025-02-13 15:53
VLAI?
Summary
Ghost before 5.82.0 allows CSV Injection during a member CSV export.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phulelouch/CVEs/blob/main/CVE-2024-34448.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghost",
"vendor": "ghost",
"versions": [
{
"lessThan": "5.82.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T20:42:59.254731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T20:43:58.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost before 5.82.0 allows CSV Injection during a member CSV export."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T16:01:29.517Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phulelouch/CVEs/blob/main/CVE-2024-34448.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34448",
"datePublished": "2024-05-22T16:01:29.178Z",
"dateReserved": "2024-05-03T00:00:00.000Z",
"dateUpdated": "2025-02-13T15:53:24.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23724 (GCVE-0-2024-23724)
Vulnerability from nvd – Published: 2024-02-11 00:00 – Updated: 2024-11-07 19:30 Disputed
VLAI?
Summary
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TryGhost/Ghost/pull/19646"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T17:17:21.892972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:30:18.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-11T00:03:23.626516",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://rhinosecuritylabs.com/blog/"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"
},
{
"url": "https://github.com/TryGhost/Ghost/pull/19646"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-23724",
"datePublished": "2024-02-11T00:00:00",
"dateReserved": "2024-01-21T00:00:00",
"dateUpdated": "2024-11-07T19:30:18.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23725 (GCVE-0-2024-23725)
Vulnerability from nvd – Published: 2024-01-21 00:00 – Updated: 2025-05-30 14:24
VLAI?
Summary
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TryGhost/Ghost/pull/17190"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:35:42.929395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:24:10.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-21T03:28:18.404Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/TryGhost/Ghost/pull/17190"
},
{
"url": "https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-23725",
"datePublished": "2024-01-21T00:00:00.000Z",
"dateReserved": "2024-01-21T00:00:00.000Z",
"dateUpdated": "2025-05-30T14:24:10.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2026-22595
Vulnerability from fkie_nvd - Published: 2026-01-10 03:15 - Updated: 2026-01-15 18:34
Severity ?
Summary
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "ECA8ED19-2E79-4689-ACDD-C5A3F60BC162",
"versionEndExcluding": "5.130.6",
"versionStartIncluding": "5.121.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9EC484AC-A1F0-4C13-BFAB-9DA57116957D",
"versionEndExcluding": "6.11.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"id": "CVE-2026-22595",
"lastModified": "2026-01-15T18:34:49.013",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T03:15:50.553",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2026-22597
Vulnerability from fkie_nvd - Published: 2026-01-10 03:15 - Updated: 2026-01-15 18:36
Severity ?
Summary
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "54BE11DA-FEBF-4266-A8A2-2EFFC9E964F5",
"versionEndExcluding": "5.130.6",
"versionStartIncluding": "5.38.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9EC484AC-A1F0-4C13-BFAB-9DA57116957D",
"versionEndExcluding": "6.11.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u2019s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"id": "CVE-2026-22597",
"lastModified": "2026-01-15T18:36:01.117",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.0,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T03:15:50.860",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2026-22594
Vulnerability from fkie_nvd - Published: 2026-01-10 03:15 - Updated: 2026-01-15 18:12
Severity ?
Summary
Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "D77531A4-EAE2-4A4E-96C6-B711107B6AC3",
"versionEndExcluding": "5.130.6",
"versionStartIncluding": "5.105.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9EC484AC-A1F0-4C13-BFAB-9DA57116957D",
"versionEndExcluding": "6.11.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"id": "CVE-2026-22594",
"lastModified": "2026-01-15T18:12:10.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T03:15:50.400",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2026-22596
Vulnerability from fkie_nvd - Published: 2026-01-10 03:15 - Updated: 2026-01-15 18:35
Severity ?
6.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "2D327CA9-FD73-4ABD-96CF-093B90712BA8",
"versionEndExcluding": "5.130.6",
"versionStartIncluding": "5.90.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9EC484AC-A1F0-4C13-BFAB-9DA57116957D",
"versionEndExcluding": "6.11.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"id": "CVE-2026-22596",
"lastModified": "2026-01-15T18:35:34.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-01-10T03:15:50.703",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/cda236e455a7a30e828b6cba3c430e5796ded955"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/f2165f968bcdaae0e35590b38fa280ab03239391"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-gjrp-xgmh-x9qq"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-43409
Vulnerability from fkie_nvd - Published: 2024-08-20 15:15 - Updated: 2024-08-26 18:31
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "6266ADD2-432F-4D34-931E-A309D89BE982",
"versionEndExcluding": "5.89.5",
"versionStartIncluding": "4.46.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue."
},
{
"lang": "es",
"value": "Ghost es un sistema de gesti\u00f3n de contenidos de Node.js. Una autenticaci\u00f3n inadecuada en algunos puntos finales utilizados para acciones de miembros permitir\u00eda a un atacante realizar acciones exclusivas de miembros y leer informaci\u00f3n de miembros. Esta vulnerabilidad de seguridad est\u00e1 presente en Ghost v4.46.0-v5.89.4. v5.89.5 contiene una soluci\u00f3n para este problema."
}
],
"id": "CVE-2024-43409",
"lastModified": "2024-08-26T18:31:26.197",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-20T15:15:24.270",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-34451
Vulnerability from fkie_nvd - Published: 2024-06-16 22:15 - Updated: 2025-06-20 18:06
Severity ?
Summary
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "34CA423F-0F71-4CB7-95A0-177069B031F1",
"versionEndIncluding": "5.85.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor\u0027s position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers."
},
{
"lang": "es",
"value": "Ghost hasta 5.85.1 permite a atacantes remotos eludir un mecanismo de protecci\u00f3n de l\u00edmite de tasa de autenticaci\u00f3n mediante el uso de muchos encabezados X-Forwarded-For con diferentes valores. NOTA: la posici\u00f3n del proveedor es que Ghost debe instalarse con un proxy inverso que permita solo encabezados X-Forwarded-For confiables."
}
],
"id": "CVE-2024-34451",
"lastModified": "2025-06-20T18:06:23.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-16T22:15:09.130",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://ghost.org/docs/faq/proxying-https-infinite-loops/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/TryGhost/Ghost/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://ghost.org/docs/faq/proxying-https-infinite-loops/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/TryGhost/Ghost/releases"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1390"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-34448
Vulnerability from fkie_nvd - Published: 2024-05-22 16:15 - Updated: 2025-04-18 14:48
Severity ?
Summary
Ghost before 5.82.0 allows CSV Injection during a member CSV export.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/phulelouch/CVEs/blob/main/CVE-2024-34448.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phulelouch/CVEs/blob/main/CVE-2024-34448.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "12A23757-69EF-419D-8988-204FDFB903B9",
"versionEndExcluding": "5.82.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ghost before 5.82.0 allows CSV Injection during a member CSV export."
},
{
"lang": "es",
"value": "Ghost anterior a 5.82.0 permite la inyecci\u00f3n de CSV durante la exportaci\u00f3n de CSV de un miembro."
}
],
"id": "CVE-2024-34448",
"lastModified": "2025-04-18T14:48:08.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-22T16:15:10.580",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/phulelouch/CVEs/blob/main/CVE-2024-34448.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/phulelouch/CVEs/blob/main/CVE-2024-34448.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-23724
Vulnerability from fkie_nvd - Published: 2024-02-11 01:15 - Updated: 2024-11-21 08:58
Severity ?
Summary
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://github.com/TryGhost/Ghost/pull/19646 | Patch | |
| cve@mitre.org | https://rhinosecuritylabs.com/blog/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TryGhost/Ghost/pull/19646 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhinosecuritylabs.com/blog/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "CAC8A0A1-CCDE-4842-BDD3-FA795CA6A493",
"versionEndIncluding": "5.76.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\""
},
{
"lang": "es",
"value": "Ghost hasta 5.76.0 permite XSS almacenado y la consiguiente escalada de privilegios en la que un colaborador puede hacerse cargo de cualquier cuenta, a trav\u00e9s de una imagen de perfil SVG que contiene c\u00f3digo JavaScript para interactuar con la API en el puerto TCP 3001 del host local. NOTA: El descubridor informa que \" El proveedor no considera que esto sea un vector v\u00e1lido\"."
}
],
"id": "CVE-2024-23724",
"lastModified": "2024-11-21T08:58:14.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-11T01:15:08.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/pull/19646"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://rhinosecuritylabs.com/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/pull/19646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rhinosecuritylabs.com/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-23725
Vulnerability from fkie_nvd - Published: 2024-01-21 04:15 - Updated: 2025-05-30 15:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/TryGhost/Ghost/pull/17190 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/TryGhost/Ghost/releases/tag/v5.76.0 | Patch, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TryGhost/Ghost/pull/17190 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TryGhost/Ghost/releases/tag/v5.76.0 | Patch, Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9AF7EED4-0B02-4CAC-A131-738E58F171F4",
"versionEndExcluding": "5.76.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries."
},
{
"lang": "es",
"value": "Ghost anterior a 5.76.0 permite XSS a trav\u00e9s de un extracto de publicaci\u00f3n en excerpt.js. Se puede representar un payload XSS en res\u00famenes de publicaciones."
}
],
"id": "CVE-2024-23725",
"lastModified": "2025-05-30T15:15:37.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-21T04:15:19.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/pull/17190"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/pull/17190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-40028
Vulnerability from fkie_nvd - Published: 2023-08-15 18:15 - Updated: 2024-11-21 08:18
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "FC21CBC6-473C-4BF5-8F11-317A9FE0F1FB",
"versionEndExcluding": "5.59.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost\u0027s `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"id": "CVE-2023-40028",
"lastModified": "2024-11-21T08:18:33.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T18:15:10.547",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2026-22597 (GCVE-0-2026-22597)
Vulnerability from cvelistv5 – Published: 2026-01-10 02:57 – Updated: 2026-01-12 16:23
VLAI?
Title
Ghost has SSRF via External Media Inliner
Summary
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T15:33:44.786773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T16:23:47.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.11.0"
},
{
"status": "affected",
"version": "\u003e= 5.38.0, \u003c 5.130.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u2019s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:57:36.898Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51"
}
],
"source": {
"advisory": "GHSA-vmc4-9828-r48r",
"discovery": "UNKNOWN"
},
"title": "Ghost has SSRF via External Media Inliner"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22597",
"datePublished": "2026-01-10T02:57:36.898Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-01-12T16:23:47.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22596 (GCVE-0-2026-22596)
Vulnerability from cvelistv5 – Published: 2026-01-10 02:57 – Updated: 2026-01-12 17:37
VLAI?
Title
Ghost has SQL Injection in Members Activity Feed
Summary
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0.
Severity ?
6.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T17:37:34.204877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:37:41.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.11.0"
},
{
"status": "affected",
"version": "\u003e= 5.90.0, \u003c 5.130.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:57:19.792Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-gjrp-xgmh-x9qq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-gjrp-xgmh-x9qq"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/cda236e455a7a30e828b6cba3c430e5796ded955",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/cda236e455a7a30e828b6cba3c430e5796ded955"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/f2165f968bcdaae0e35590b38fa280ab03239391",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/f2165f968bcdaae0e35590b38fa280ab03239391"
}
],
"source": {
"advisory": "GHSA-gjrp-xgmh-x9qq",
"discovery": "UNKNOWN"
},
"title": "Ghost has SQL Injection in Members Activity Feed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22596",
"datePublished": "2026-01-10T02:57:19.792Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-01-12T17:37:41.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22595 (GCVE-0-2026-22595)
Vulnerability from cvelistv5 – Published: 2026-01-10 02:57 – Updated: 2026-01-12 17:51
VLAI?
Title
Ghost has Staff Token permission bypass
Summary
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
Severity ?
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T17:51:33.104312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:51:41.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.11.0"
},
{
"status": "affected",
"version": "\u003e= 5.121.0, \u003c 5.130.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:57:08.131Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3"
}
],
"source": {
"advisory": "GHSA-9xg7-mwmp-xmjx",
"discovery": "UNKNOWN"
},
"title": "Ghost has Staff Token permission bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22595",
"datePublished": "2026-01-10T02:57:08.131Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-01-12T17:51:41.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22594 (GCVE-0-2026-22594)
Vulnerability from cvelistv5 – Published: 2026-01-10 02:56 – Updated: 2026-01-12 17:53
VLAI?
Title
Ghost has Staff 2FA bypass
Summary
Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
Severity ?
8.1 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T17:53:47.818587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:53:57.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.11.0"
},
{
"status": "affected",
"version": "\u003e= 5.105.0, \u003c 5.130.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost\u0027s 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:56:47.226Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07"
}
],
"source": {
"advisory": "GHSA-5fp7-g646-ccf4",
"discovery": "UNKNOWN"
},
"title": "Ghost has Staff 2FA bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22594",
"datePublished": "2026-01-10T02:56:47.226Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-01-12T17:53:57.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9862 (GCVE-0-2025-9862)
Vulnerability from cvelistv5 – Published: 2025-09-17 15:02 – Updated: 2025-09-17 15:42
VLAI?
Title
Ghost 6.0.6 - SSRF via oEmbed Bookmark
Summary
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9862",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T15:42:29.239311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T15:42:32.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://fluidattacks.com/advisories/regida"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Ghost",
"vendor": "Ghost",
"versions": [
{
"lessThanOrEqual": "6.0.8",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.130.3",
"status": "affected",
"version": "5.99.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "6.0.8",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "5.130.3",
"versionStartIncluding": "5.99.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.\u003cp\u003eThis issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T15:02:01.533Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/advisories/regida"
},
{
"tags": [
"product"
],
"url": "https://github.com/TryGhost/Ghost"
},
{
"tags": [
"patch"
],
"url": "https://github.com/TryGhost/Ghost/releases/tag/v6.0.9"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ghost 6.0.6 - SSRF via oEmbed Bookmark",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2025-9862",
"datePublished": "2025-09-17T15:02:01.533Z",
"dateReserved": "2025-09-02T17:46:31.153Z",
"dateUpdated": "2025-09-17T15:42:32.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43409 (GCVE-0-2024-43409)
Vulnerability from cvelistv5 – Published: 2024-08-20 15:05 – Updated: 2024-09-03 14:58
VLAI?
Title
Ghost's improper authentication allows access to member information and actions
Summary
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
Severity ?
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghost",
"vendor": "ghost",
"versions": [
{
"lessThan": "5.89.5",
"status": "affected",
"version": "4.46.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:32:40.578943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:58:35.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ghost",
"vendor": "TryGhost",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.46.0 \u003c 5.89.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T15:05:04.338Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42"
},
{
"name": "https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db"
}
],
"source": {
"advisory": "GHSA-78x2-cwp9-5j42",
"discovery": "UNKNOWN"
},
"title": "Ghost\u0027s improper authentication allows access to member information and actions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43409",
"datePublished": "2024-08-20T15:05:04.338Z",
"dateReserved": "2024-08-12T18:02:04.966Z",
"dateUpdated": "2024-09-03T14:58:35.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34451 (GCVE-0-2024-34451)
Vulnerability from cvelistv5 – Published: 2024-06-16 00:00 – Updated: 2024-08-20 16:51 Disputed
VLAI?
Summary
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ghost.org/docs/faq/proxying-https-infinite-loops/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TryGhost/Ghost/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ghost:ghost:5.85.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghost",
"vendor": "ghost",
"versions": [
{
"lessThanOrEqual": "5.85.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34451",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T16:44:00.831709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390 Weak Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T16:51:00.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor\u0027s position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-16T21:16:52.640925",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ghost.org/docs/faq/proxying-https-infinite-loops/"
},
{
"url": "https://github.com/TryGhost/Ghost/releases"
},
{
"url": "https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34451",
"datePublished": "2024-06-16T00:00:00",
"dateReserved": "2024-05-03T00:00:00",
"dateUpdated": "2024-08-20T16:51:00.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34448 (GCVE-0-2024-34448)
Vulnerability from cvelistv5 – Published: 2024-05-22 16:01 – Updated: 2025-02-13 15:53
VLAI?
Summary
Ghost before 5.82.0 allows CSV Injection during a member CSV export.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phulelouch/CVEs/blob/main/CVE-2024-34448.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ghost:ghost:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ghost",
"vendor": "ghost",
"versions": [
{
"lessThan": "5.82.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T20:42:59.254731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T20:43:58.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost before 5.82.0 allows CSV Injection during a member CSV export."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T16:01:29.517Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/phulelouch/CVEs/blob/main/CVE-2024-34448.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34448",
"datePublished": "2024-05-22T16:01:29.178Z",
"dateReserved": "2024-05-03T00:00:00.000Z",
"dateUpdated": "2025-02-13T15:53:24.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23724 (GCVE-0-2024-23724)
Vulnerability from cvelistv5 – Published: 2024-02-11 00:00 – Updated: 2024-11-07 19:30 Disputed
VLAI?
Summary
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TryGhost/Ghost/pull/19646"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T17:17:21.892972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:30:18.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-11T00:03:23.626516",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://rhinosecuritylabs.com/blog/"
},
{
"url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"
},
{
"url": "https://github.com/TryGhost/Ghost/pull/19646"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-23724",
"datePublished": "2024-02-11T00:00:00",
"dateReserved": "2024-01-21T00:00:00",
"dateUpdated": "2024-11-07T19:30:18.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23725 (GCVE-0-2024-23725)
Vulnerability from cvelistv5 – Published: 2024-01-21 00:00 – Updated: 2025-05-30 14:24
VLAI?
Summary
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TryGhost/Ghost/pull/17190"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:35:42.929395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:24:10.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-21T03:28:18.404Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/TryGhost/Ghost/pull/17190"
},
{
"url": "https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-23725",
"datePublished": "2024-01-21T00:00:00.000Z",
"dateReserved": "2024-01-21T00:00:00.000Z",
"dateUpdated": "2025-05-30T14:24:10.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}