Lucene search

PRIOn knowledge basePRION:CVE-2022-47197

HistoryJan 19, 2023 - 6:15 p.m.

Cross site scripting

2023-01-1918:15:00

PRIOn knowledge base

www.prio-n.com

xss

insecure default

ghost 5.9.4

javascript injection

privilege escalation

http request

stored xss

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

23.3%

JSON

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the codeinjection_foot for a post.

References

talosintelligence.com/vulnerability_reports/TALOS-2022-1686