Description

A DOM XSS vulnerability exists in a special endpoint of Ghost CMS used only during the development of 4.0.0. The endpoint interacts with its DOM in an insecure way.

Remediation

Upgrade to the latest version of Ghost CMS

References

DOM XSS in Theme Preview

Related Vulnerabilities

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.22)

WordPress Plugin CM Footnotes Cross-Site Scripting (1.1.4)

WordPress Plugin Post Connector Cross-Site Scripting (1.0.3)

WordPress Plugin WP-ViperGB Cross-Site Scripting (1.3.15)

WordPress Plugin 4k Icons for Visual Composer-Free Cross-Site Scripting (1.0)

Severity

High

Classification

CVE-2021-29484 CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

XSS