Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 05 Sep 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ghost
Ghost ghost |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:* | |
Vendors & Products |
Ghost
Ghost ghost |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-11T00:00:00
Updated: 2024-11-07T19:30:18.958Z
Reserved: 2024-01-21T00:00:00
Link: CVE-2024-23724
Vulnrichment
Updated: 2024-08-01T23:13:07.225Z
NVD
Status : Modified
Published: 2024-02-11T01:15:08.080
Modified: 2024-11-21T08:58:14.880
Link: CVE-2024-23724
Redhat
No data.