Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Ghost CMS Theme Preview XSS (CVE-2021-29484) - Vulnerability Database

Ghost CMS Theme Preview XSS (CVE-2021-29484)

Description

A DOM XSS vulnerability exists in a special endpoint of Ghost CMS used only during the development of 4.0.0. The endpoint interacts with its DOM in an insecure way.

Remediation

Upgrade to the latest version of Ghost CMS

References

DOM XSS in Theme Preview

Related Vulnerabilities

Adobe Coldfusion 8 multiple linked XSS vulnerabilies High
Common tags: XSS
WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.9.13) High
Common tags: XSS
WordPress Plugin WordPress Appointment Booking and Online Scheduling by Appointy Cross-Site Scripting (2.40) High
Common tags: XSS
WordPress Plugin WordPress Colorbox Lightbox Cross-Site Scripting (1.1.2) High
Common tags: XSS
WordPress Plugin WordPress fancyBox Lightbox Cross-Site Scripting (1.0.1) High
Common tags: XSS

Severity

High

Classification

CVE-2021-29484
CWE-79
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

XSS