CVE-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_foot` for a post.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1686	Exploit Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1686	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ghost:ghost:5.9.4:*:*:*:*:node.js:*:*

History

21 Nov 2024, 07:31

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad predeterminada insegura en la funcionalidad de creación posterior de Ghost Foundation Ghost 5.9.4. Las instalaciones predeterminadas de Ghost permiten a los usuarios que no son administradores inyectar Javascript arbitrario en las publicaciones, lo que permite escalar privilegios al administrador a través de XSS. Para desencadenar esta vulnerabilidad, un atacante puede enviar una solicitud HTTP para inyectar Javascript en una publicación para engañar a un administrador para que visite la publicación. Existe una vulnerabilidad XSS almacenada en `codeinjection_foot` de una publicación.
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2022-1686 - Exploit, Third Party Advisory~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2022-1686 - Exploit, Third Party Advisory

Information

Published : 2023-01-19 18:15

Updated : 2024-11-21 07:31

NVD link : CVE-2022-47197

Mitre link : CVE-2022-47197

CVE.ORG link : CVE-2022-47197

JSON object : View

Products Affected

ghost

ghost

CWE

CWE-453

Insecure Default Variable Initialization

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-47197", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-01-19T18:15:14.650", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1686", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1686", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-453"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_foot` for a post."}, {"lang": "es", "value": "Existe una vulnerabilidad predeterminada insegura en la funcionalidad de creaci\u00f3n posterior de Ghost Foundation Ghost 5.9.4. Las instalaciones predeterminadas de Ghost permiten a los usuarios que no son administradores inyectar Javascript arbitrario en las publicaciones, lo que permite escalar privilegios al administrador a trav\u00e9s de XSS. Para desencadenar esta vulnerabilidad, un atacante puede enviar una solicitud HTTP para inyectar Javascript en una publicaci\u00f3n para enga\u00f1ar a un administrador para que visite la publicaci\u00f3n. Existe una vulnerabilidad XSS almacenada en `codeinjection_foot` de una publicaci\u00f3n."}], "lastModified": "2024-11-21T07:31:41.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ghost:ghost:5.9.4:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "83AD75D8-518F-4F53-98F0-8AFA3F7B18D9"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}