CVE-2024-23724

Name of the Vulnerable Software and Affected Versions Ghost versions prior to 5.76.0

Description The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack by sending a specially crafted malicious SVG file containing JavaScript code to the TCP port 3001. This can lead to stored XSS and resultant privilege escalation, where a contributor can take over any account. The attack is carried out via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001.

Recommendations For Ghost versions prior to 5.76.0, consider disabling the ability to upload SVG files as profile pictures until a patch is available. Restrict access to the API on localhost TCP port 3001 to minimize the risk of exploitation. Avoid using the profile picture feature in the affected Ghost versions until the issue is resolved.