Description

A DOM XSS vulnerability exists in a special endpoint of Ghost CMS used only during the development of 4.0.0. The endpoint interacts with its DOM in an insecure way.

Remediation

Upgrade to the latest version of Ghost CMS

References

DOM XSS in Theme Preview

Related Vulnerabilities

WordPress Plugin The Welcomizer 'twiz-index.php' Cross-Site Scripting (1.3.9.4)

WordPress Cross-Site Scripting Vulnerability (3.0 - 3.6.1)

WordPress Plugin WPtouch 'wptouch_settings' Parameter Cross-Site Scripting (1.9.20)

WordPress Plugin eID Easy Cross-Site Scripting (4.6)

WordPress Plugin Relevanssi-A Better Search Cross-Site Scripting (3.5.7.1)

Severity

High

Classification

CVE-2021-29484 CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

XSS