Description

A DOM XSS vulnerability exists in a special endpoint of Ghost CMS used only during the development of 4.0.0. The endpoint interacts with its DOM in an insecure way.

Remediation

Upgrade to the latest version of Ghost CMS

References

DOM XSS in Theme Preview

Related Vulnerabilities

WordPress Plugin Qyrr-simply and modern QR-Code creation Cross-Site Scripting (0.6)

WordPress Plugin Woocommerce Categories in gallery format Cross-Site Scripting (1.0.1)

WordPress Plugin WP-VR-view-Add Photo Sphere, 360 video to WordPress Cross-Site Scripting (1.6)

WordPress Plugin WP-Matomo (WP-Piwik) Cross-Site Scripting (1.0.10)

WordPress Plugin Watu Quiz Cross-Site Scripting (3.3.9)

Severity

High

Classification

CVE-2021-29484 CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

XSS