CVE-2024-23725

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 21, 2024

Updated: Jan 29, 2024

CWE ID 79

Summary

CVE-2024-23725 is a newly disclosed vulnerability affecting Ghost before version 5.76.0. This issue permits Cross-Site Scripting (XSS) attacks, allowing malicious actors to inject malicious scripts into post summaries. The XSS payload can be rendered through a manipulated post excerpt within the excerpt.js file. Successful exploitation of this vulnerability could lead to unauthorized access or data theft. Users are advised to upgrade to the latest version of Ghost to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uOW8Mz
https://www.cve.org/CVERecord?id=CVE-2024-23725
https://nvd.nist.gov/vuln/detail/CVE-2024-23725

Back to Vulnerability Database

CVE-2024-23725

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations