Vulnerability Spotlight XSS vulnerability in Ghost CMS


Cross-site scripting (XSS) vulnerability in Ghost CMS was just found by Cisco Talos. A content management system called Ghost offers capabilities for creating websites, disseminating material, and sending newsletters. Ghost allows for several external service connections and provides users with paid subscriptions. Ghost CMS divides users into four groups—or five, if the site owner is included—each with a progressively higher level of privilege: Contributor, Author, Editor, and Administrator. Users who can just create posts but not publish them are known as contributors and have the fewest rights. All users have the option to add a few more bits of information that will appear on their author pages and posts, in addition to social network connections.

Read More…