all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Vulnerability Spotlight: XSS vulnerability in Ghost CMS

Add to bookmarks
Jan. 19, 2023, 9:25 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Dave McDaniel of Cisco Talos discovered this vulnerability.

Cisco Talos recently discovered a cross-site scripting (XSS) vulnerability in Ghost CMS.

Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to members and supports a number of integrations with external services.

The TALOS-2022-1686 (CVE-2022-47194-CVE-2022-47197) shows that several XSS vulnerabilities could lead to privilege escalation.

Ghost CMS separates users into four groups (five, if including the site owner) of increasing …

build cisco cisco talos cms cross-site cve dave escalation external ghost integrations management newsletters paid paid subscriptions privilege privilege escalation scripting send services spotlight subscriptions system talos tools vulnerabilities vulnerability vulnerability spotlight website xss

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Feds warn of new Kimsuky phishing attack techniques 19 minutes ago | malware.news
advanced advisory agency apt43 +29
The Impact of Cyber Attacks on the Stock Markets an hour ago | malware.news
attacks companies corporate cyber +13
Note to investors and security pros: drive innovation by going on the offensive 2 hours ago | malware.news
article cybersecurity drive innovation +10
New network to target migrant smugglers in the digital domain 2 hours ago | malware.news
alliance april aspect counter +17
New High-Severity Vulnerability in Apache ActiveMQ Poses Risk of Unauthorized Access: CVE-2024-32114 2 hours ago | malware.news
access activemq apache apache activemq +15
My impression of Botconf 2024 3 hours ago | malware.news
analysis botconf channel dotnet +13
Top 10 Free IoC Search & Enrichment Platforms 4 hours ago | malware.news
amp assets attacks breaches +33
ISC Stormcast For Friday, May 3rd, 2024 https://isc.sans.edu/podcastdetail/8966, (Fri, May 3rd) 11 hours ago | malware.news
topic
Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360 14 hours ago | malware.news
article incident incident response link +4

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote
View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US
View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA
View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco
View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com
View more jobs