Ghost · Ghost · CVE-2026-24778
**Name of the Vulnerable Software and Affected Versions**
Ghost versions 5.43.0 through 5.120.4
Ghost versions 6.0.0 through 6.14.0
Ghost Portal versions 2.29.1 through 2.51.4
Ghost Portal versions 2.52.0 through 2.57.0
**Description**
Ghost is a content management system. An attacker can create a malicious link that, when accessed by an authenticated staff user or member, executes JavaScript with the victim's permissions, potentially leading to account takeover.
**Recommendations**
For Ghost 5.x installations, upgrade to version 5.121.0 or later.
For Ghost 6.x installations, upgrade to version 6.15.0 or later.
For Ghost installations using a customized or self-hosted version of Portal, manually rebuild from, or update to, the latest patch version.