Commit 1a541b9

Update README.md
1 parent f4247a1 commit 1a541b9

1 file changed

+1
-1
lines changed

CVE-2024-23724/README.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
# CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover
22

33
## Information
4-
**Description:** Ghost CMS through 5.76.0 allows Stored XSS, and resultant privilege escalation in which a contributor can take ownership of the tenant, via an SVG profile picture that contains JavaScript code to interact with the API on TCP Port 3001. <br>
4+
**Description:** Ghost CMS through 5.76.0 allows Stored XSS, and resultant privilege escalation in which a contributor can take ownership of the tenant, via an SVG profile picture that contains JavaScript code. <br>
55
**Versions Affected:** Confirmed on 5.76.0 but affects all versions <br>
66
**Version Fixed:** [Pull Request #19646](https://github.com/TryGhost/Ghost/pull/19646) (Open) <br>
77
**Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
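
Review bot: On the changed Description line (README line 4), the edit removes "to interact with the API" together with the port number, so the sentence no longer says how the JavaScript in the SVG leads to the ownership change. Suggest dropping only "on TCP Port 3001" and keeping "that contains JavaScript code to interact with the API". Separately, the Description still reads "through 5.76.0" while the unchanged Versions Affected line says "affects all versions" and Version Fixed points to an open pull request; the two lines should state the same affected range.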
