Description

A DOM XSS vulnerability exists in a special endpoint of Ghost CMS used only during the development of 4.0.0. The endpoint interacts with its DOM in an insecure way.

Remediation

Upgrade to the latest version of Ghost CMS

References

DOM XSS in Theme Preview

Related Vulnerabilities

WordPress Plugin EventON Cross-Site Scripting (3.0.5)

Drupal Core 7.x Cross-Site Scripting (7.0 - 7.64)

WordPress Plugin Google Maps CP Cross-Site Scripting (1.0.3)

WordPress Plugin WP TripAdvisor Review Slider Cross-Site Scripting (11.8)

WordPress Plugin Simple Page Ordering Cross-Site Scripting (2.2.1)

Severity

High

Classification

CVE-2021-29484 CWE-79 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

XSS