In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Cross-site Scripting (XSS) vulnerabilities in an interactive lesson.
Start learningUpgrade ghost
to version 0.5.9 or higher.
ghost
is a blogging platform.
Affected versions of the package are vulnerable to Cross-site Scripting (XSS) attacks. An authenticated user can embed code in the blog's images, like the user avatar, cover image and blog image, with possible malicious intent to execute the code on the client-side. Additionally, another Cross-site Scripting (XSS) has been found in the Tag Manager. An authenticated user can create a new post and tag it with a tag containing javascript code. An administrator may want to delete this tag, triggering the javascript code. This will result in the administrator token is stolen and his session hijacked.
<>
You can read more about Cross-site Scripting (XSS)
on our blog.