GHSA-9722-9j67-vjcr: Improper Authorization in Select Permissions

GHSA-qjrv-v6qp-x99x: SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.

**Cross-site Scripting in Ghost**

Moderate severity GitHub Reviewed Published Jan 21, 2024 to the GitHub Advisory Database • Updated Jan 22, 2024