Description

A DOM XSS vulnerability exists in a special endpoint of Ghost CMS used only during the development of 4.0.0. The endpoint interacts with its DOM in an insecure way.

Remediation

Upgrade to the latest version of Ghost CMS

References

DOM XSS in Theme Preview

Related Vulnerabilities

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8)

WordPress Plugin WP-TopBar Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (4.02)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.7.2.2)

WordPress Plugin WP Fountain Cross-Site Scripting (1.5.9)

WordPress Plugin WP Customize Login Cross-Site Scripting (1.1)

Severity

High

Classification

CVE-2021-29484 CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

XSS