Vulnerability Spotlight: XSS vulnerability in Ghost CMS
Malware Analysis, News and Indicators - Latest topics malware.news
Dave McDaniel of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered a cross-site scripting (XSS) vulnerability in Ghost CMS.
Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to members and supports a number of integrations with external services.
Advisory TALOS-2022-1686 (CVE-2022-47194 through CVE-2022-47197) shows that several XSS vulnerabilities could lead to privilege escalation.
Ghost CMS separates users into four groups (five, if including the site owner) of increasing …