Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghost: Incomplete CSRF protections around OTC use
Vulnerability Description
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. This issue has been patched in version 6.19.3.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Ghost 跨站请求伪造漏洞
Vulnerability Description
Ghost是Ghost开源的一个托管服务。 Ghost 5.101.6至6.19.2版本存在跨站请求伪造漏洞,该漏洞源于会话验证存在不完整的跨站请求伪造保护,可能导致钓鱼攻击者接管站点。
CVSS Information
N/A
Vulnerability Type
N/A