CVE-2024-23725 Information

Description

Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.

Reference

https://github.com/TryGhost/Ghost/pull/17190 https://github.com/TryGhost/Ghost/releases/tag/v5.76.0