ghost@5.80.2 vulnerabilities
The professional publishing platform
-
latest version
5.82.4
-
first published
12 years ago
-
latest version published
a day ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the ghost package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
ghost is a publishing platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via an SVG profile picture upload. A contributor user can cause scripts to be executed as owner. How to fix Cross-site Scripting (XSS)? A fix was pushed into the |
*
|
ghost is a publishing platform Affected versions of this package are vulnerable to Access Restriction Bypass that allows contributors to view draft posts of other users via the NOTE: The vendor's position is that this behavior has no security impact. How to fix Access Restriction Bypass? There is no fixed version for |
>=0.4.2-rc1
|
ghost is a publishing platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
>=0.0.0
|
ghost is a publishing platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
>=0.0.0
|
ghost is a publishing platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
>=0.0.0
|
ghost is a publishing platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
>=0.0.0
|