Launch Week Day 1: Announcing Security Design Review
Start for Free
MEDIUM 6.1 npm

Cross-site Scripting in Ghost

GHSA-fh38-9fgr-454w · BIT-ghost-2024-23725 · CVE-2024-23725

Published · Modified

Description

Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes