CVE-2024-23724 – ghost

Package

Manager: npm
Name: ghost
Vulnerable Version: >=0 <=5.76.0 || >=0 <=5.76.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.38762 pctl0.97163

Details

Ghost has possible Cross-site Scripting issue Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."

Metadata

Created: 2024-02-11T03:30:17Z
Modified: 2024-09-05T16:14:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-99vc-xw8j-phjm/GHSA-99vc-xw8j-phjm.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-99vc-xw8j-phjm
Finding: F425
Auto approve: 1