| Severity | CVSS | Advisory | Affected versions |
|---|---|---|---|
| | | | from 0, <= 4.39.0 |
| | | | from 0, <= 4.42.0 |
| | | | >= 3.24.0, < 6.19.1 |
| HIGH | 8.8 | Ghost vulnerable to XSS via malicious Portal preview links | >= 5.43.0, < 5.121.0 |
| HIGH | 8.5 | Ghost vulnerable to unauthorized newsletter modification via improper access controls | >= 5.0.0, < 5.22.7 |
| HIGH | 8.1 | Ghost has Staff Token permission bypass | >= 6.0.0, < 6.11.0 |
| HIGH | 8.1 | Ghost has Staff 2FA bypass | >= 6.0.0, < 6.11.0 |
| HIGH | 8.1 | Server-side request forgery in Ghost CMS | from 0, < 3.10.0 |
| HIGH | 7.6 | Ghost Vulnerable to Remote Code Execution via Malicious Themes | >= 0.7.2, < 6.19.1 |
| HIGH | 7.5 | Ghost has incomplete CSRF protections around OTC use | >= 5.101.6, < 6.19.3 |
| HIGH | 7.5 | Path Traversal in Ghost | from 0, < 5.42.1 |
| HIGH | 7.5 | Ghost vulnerable to information disclosure of private API fields | from 0, < 5.46.1 |
| MEDIUM | 6.8 | DOM XSS in Theme Preview | >= 4.0.0, < 4.3.3 |
| MEDIUM | 6.7 | Ghost has SQL Injection in Members Activity Feed | >= 6.0.0, < 6.11.0 |
| MEDIUM | 6.5 | Ghost's improper authentication allows access to member information and actions | >= 4.46.0, < 5.89.5 |
| MEDIUM | 6.5 | Ghost has possible Cross-site Scripting issue | from 0, <= 5.76.0 |
| MEDIUM | 6.5 | Privilege escalation: all users can access Admin-level API keys | >= 4.0.0, < 4.10.0 |
| MEDIUM | 6.1 | Cross-site Scripting in Ghost | from 0, < 5.76.0 |
| MEDIUM | 4.9 | Ghost vulnerable to arbitrary file read via symlinks in content import | from 0, < 5.59.1 |
| — | — | Ghost has SSRF via External Media Inliner | >= 6.0.0, < 6.11.0 |
| — | — | Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark | >= 6.0.0, < 6.0.9 |