all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Vulnerability Spotlight: XSS vulnerability in Ghost CMS

Add to bookmarks
Jan. 19, 2023, 8:01 p.m. | Kri Dontje

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence blog.talosintelligence.com

Dave McDaniel of Cisco Talos discovered this vulnerability.

Cisco Talos recently discovered a cross-site scripting (XSS) vulnerability in Ghost CMS.

Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subscriptions to members and supports a number of integrations with

build cisco cisco talos cms cross-site dave ghost integrations management newsletters paid paid subscriptions scripting send spotlight subscriptions system talos tools vulnerability vulnerability spotlight website xss

Visit resource

More from blog.talosintelligence.com / Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

Vulnerabilities in employee management system could lead to remote code execution, login credential theft 1 day, 18 hours ago | blog.talosintelligence.com
code code execution credential credential theft +21
Cisco Talos at RSAC 2024 2 days, 22 hours ago | blog.talosintelligence.com
announcements cisco cisco talos cybersecurity +12
James Nutland studies what makes threat actors tick, growing our understanding of the current APT … 3 days, 22 hours ago | blog.talosintelligence.com
adversary apt can current +14
The private sector probably isn’t coming to save the NVD 1 week ago | blog.talosintelligence.com
arcanedoor coming cybercrime isn +9
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist 1 week ago | blog.talosintelligence.com
adversaries attacks bec bec attacks +17
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices 1 week, 1 day ago | blog.talosintelligence.com
apt campaign campaigns devices +15
Suspected CoralRaider continues to expand victimology using three information stealers 1 week, 2 days ago | blog.talosintelligence.com
apt argument bypass command +17
What’s the deal with the massive backlog of vulnerabilities at the NVD? 1 week, 6 days ago | blog.talosintelligence.com
backlog current deal management +10
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation? 2 weeks ago | blog.talosintelligence.com
account blocked court disinformation +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States
View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States
View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com
View more jobs