WRITEUP #454

CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover

XSS, Stored XSS, Account takeover
by @Tyler_Ramsbey (Tyler Ramsbey)
Program: Ghost
Published: Feb 13, 2024
Added to HackDex: Feb 27, 2024
Read Full Writeup: https://rhinosecuritylabs.com/research/cve-2024-23724-ghost-cms-stored-xss/
