GHSA-9722-9j67-vjcr: Improper Authorization in Select Permissions

GHSA-qjrv-v6qp-x99x: SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

GHSA-f3cx-396f-7jqp: Livewire Remote Code Execution on File Uploads

GHSA-ffcv-v6pw-qhrp: Denial of Service in TYPO3 Bookmark Toolbar

GHSA-9cp9-8gw2-8v7m: Adguard Home arbitrary file read vulnerability

Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."

**Ghost has possible Cross-site Scripting issue**

Moderate severity GitHub Reviewed Published Feb 11, 2024 to the GitHub Advisory Database • Updated Feb 12, 2024

Headline

GHSA-99vc-xw8j-phjm: Ghost has possible Cross-site Scripting issue

ghsa: Latest News