6/10
vulnerability
A reflected/stored XSS vulnerability in Ghost CMS's /ghost/api/v0.1/settings/ API endpoint, affecting the logo, cover_image, ghost_head, and ghost_foot parameters. Exploitation requires authenticated admin/owner access, but the vulnerability persists across multiple versions (1.24.9 through at least 2.2.0) and payloads execute on every page of the website.
xss
cross-site-scripting
ghost-blog
api-security
put-request
authenticated-vulnerability
cors-bypass
vulnerability-disclosure
content-management-system
Ghost
VoidSec
CORS Anywhere
CVE (referenced but not specified)