Description

A DOM XSS vulnerability exists in a special endpoint of Ghost CMS used only during the development of 4.0.0. The endpoint interacts with its DOM in an insecure way.

Remediation

Upgrade to the latest version of Ghost CMS

References

DOM XSS in Theme Preview

Related Vulnerabilities

WordPress Plugin WP SMS Cross-Site Scripting (5.4.12)

WordPress Plugin Post to CSV by BestWebSoft Cross-Site Scripting (1.3.0)

WordPress Plugin Pym.js Embeds Cross-Site Scripting (1.3.2)

WordPress Plugin myghpay WooCommerce Payment Gateway Cross-Site Scripting (3.0)

WordPress Plugin Mimetic Books Cross-Site Scripting (0.2.13)

Severity

High

Classification

CVE-2021-29484 CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

XSS