CNNVD-202601-4443 Information

CNNVD ID

CNNVD-202601-4443

Related CVE

CVE-2026-24778

• CNNVD Published: 2026-01-27

Description (Chinese)

Ghost是Ghost开源的一个托管服务。 Ghost 5.43.0至5.12.04版本和6.0.0至6.14.0版本存在跨站脚本漏洞，该漏洞源于特制链接可能执行JavaScript，可能导致账户接管。

Description (English)

Ghost is a hosting service for the Ghost Open Source. Ghost 5.43.0-5.12.04 and 6.0.0-6.14.0 have a cross-site script loophole, which stems from the possibility of a special link to implement JavaScript, which could lead to the account taking over.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Ghost

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/TryGhost/Ghost/commit/da858e640e88e69c1773a7b7ecdc2008fa143849 https://github.com/TryGhost/Ghost/security/advisories/GHSA-gv6q-2m97-882h

Patch

https://github.com/TryGhost/Ghost/releases