writeups.xyz / CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover

Submitter : c2a

Date: 13 February 2024

Bounty : undisclosed

Vulnerabilities :

• Stored XSS
• Account Takeover

Programs :

• Ghost

Authors :

• Tyler Ramsbey (@Tyler_Ramsbey)

Link :
https://rhinosecuritylabs.com/research/cve-2024-23724-ghost-cms-stored-xss/