Filtered by vendor Ghost
Total: 22 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-26510 | 1 Ghost | 1 Ghost | 2024-08-02 | 5.7 Medium |
Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. | ||||
CVE-2024-23725 | 1 Ghost | 1 Ghost | 2024-08-01 | 6.1 Medium |
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. | ||||