TryGhost/Ghost

採点内訳

※ 各項目の重みは「採点ルール」を参照。合計は 0 で底打ち。

過去の SecurityAdvisory (18 件)

• HIGHGHSA-9m84-wc28-w895CVE-2026-297842026/3/4
  Incomplete CSRF protections around OTC use
• HIGHGHSA-cgc2-rcrh-qr5xCVE-2026-290532026/3/2
  Remote Code Execution via Malicious Themes
• CRITICALGHSA-w52v-v783-gw97CVE-2026-269802026/2/16
  SQL injection in Content API
• HIGHGHSA-gv6q-2m97-882hCVE-2026-247782026/1/27
  XSS via malicious Portal preview links
• MEDIUMGHSA-gjrp-xgmh-x9qqCVE-2026-225962026/1/8
  SQL Injection in Members Activity Feed
• MEDIUMGHSA-vmc4-9828-r48rCVE-2026-225972026/1/8
  SSRF via External Media Inliner
• HIGHGHSA-9xg7-mwmp-xmjxCVE-2026-225952026/1/8
  Staff Token permission bypass
• HIGHGHSA-5fp7-g646-ccf4CVE-2026-225942026/1/8
  Staff 2FA bypass
• MEDIUMGHSA-f7qg-xj45-w956CVE-2025-98622025/9/14
  SSRF via oEmbed Bookmark
• MEDIUMGHSA-78x2-cwp9-5j42CVE-2024-434092024/8/20
  Improper authentication allows access to member information and actions
• MEDIUMGHSA-9c9v-w225-v5rgCVE-2023-400282023/8/15
  Arbitrary file read via symlinks in content import
• HIGHGHSA-r97q-ghch-82j9CVE-2023-311332023/5/3
  Information disclosure of private API fields
• HIGHGHSA-9gh8-wp53-ccc6CVE-2022-416542022/11/28
  Unauthorized Newsletter Modification
• MEDIUMGHSA-7v28-g2pq-ggg8CVE-2022-247852022/6/15
  Remote code execution in locale setting change
• MEDIUMGHSA-65p7-pjj8-ggmr2021/9/23
  Member account takeover
• MEDIUMGHSA-wfrj-qqc2-83cm2021/9/17
  Remote command injection when using sendmail email transport
• MEDIUMGHSA-j5c2-hm46-wp5cCVE-2021-391922021/7/20
  Privilege escalation: all users can access Admin-level API keys
• HIGHGHSA-9fgx-q25h-jxrgCVE-2021-294842021/4/29
  DOM XSS in Theme Preview