We found results for “”
WS-2014-0063
Date: October 24, 2014
Overview
In Ghost CMS versions before v0.5.4 are vulnerable to cross-site scripting (XSS).Details
In Ghost CMS versions before v0.5.4 are vulnerable to cross-site scripting (XSS) when displaying unsensitized user input in the meta title and description fields.Affected Environments
Ghost CMS versions before 0.5.4Prevention
Upgrade to Ghost CMS version 0.5.4Language: JS
Good to know:
Base Score: |
|
---|---|
Attack Vector (AV): | Network |
Attack Complexity (AC): | Low |
Privileges Required (PR): | Low |
User Interaction (UI): | Required |
Scope (S): | Changed |
Confidentiality (C): | Low |
Integrity (I): | Low |
Availability (A): | None |