HomePentest-Tools.com Logo

Ghost CMS <=4.32 - Cross-Site Scripting CVE-2021-29484

Severity
CVSSv3 Score
6.8
Vulnerability description

Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code.

Risk description

No risk description to display.

Recommendation

This issue has been fixed in 4.3.3.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Apr 29, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available