Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HGhost
APPGhost≤ 5.76.0
Related vulnerabilities
Ghost CMS: nieuwierzytelniony odczyt bazy danych przez SQL injection
Ghost CMS – obejście limitu prób uwierzytelnienia przez nagłówki X-Forwarded-For
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to exec...
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute ...
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections arou...