Description

A DOM XSS vulnerability exists in a special endpoint of Ghost CMS used only during the development of 4.0.0. The endpoint interacts with its DOM in an insecure way.

Remediation

Upgrade to the latest version of Ghost CMS

References

DOM XSS in Theme Preview

Related Vulnerabilities

WordPress Plugin AgentEasy Properties Cross-Site Scripting (1.0.4)

WordPress Plugin Fast Secure Contact Form Cross-Site Scripting (4.0.37)

WordPress Plugin WooCommerce SagePay Direct Payment Gateway Multiple Cross-Site Scripting Vulnerabilities (0.1.6.6)

WordPress Plugin Slideshow Gallery LITE Cross-Site Scripting (1.7.3)

WordPress Plugin GS Books Showcase Cross-Site Scripting (1.3.0)

Severity

High

Classification

CVE-2021-29484 CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

XSS