CVE-2022-47196
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-47196
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_head` for a post.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不安全的缺省变量初始化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ghost Foundation Ghost 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ghost Foundation Ghost是Ghost开源的一款用 JavaScript 编写的个人博客系统。 Ghost Foundation Ghost 5.9.4存在安全漏洞,该漏洞源于Ghost Foundation Ghost 5.9.4 的创建后功能中存在一个不安全的默认漏洞。 Ghost 的默认安装允许非管理员用户在帖子中注入任意 Javascript,从而允许通过 XSS 将权限提升到管理员。 为了触发该漏洞,攻击者可以发送HTTP请求在帖子中注入Javascript,以诱使管理员访问帖
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Ghost Foundation | Ghost | 5.9.4 | - |
II. Public POCs for CVE-2022-47196
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-47196
请登录查看更多情报信息。
Same Patch Batch · Ghost Foundation · 2023-01-19 · 4 CVEs total
| CVE-2022-47194 | Ghost Foundation Ghost 安全漏洞 | |
| CVE-2022-47195 | Ghost Foundation Ghost 跨站脚本漏洞 | |
| CVE-2022-47197 | Ghost Foundation Ghost 跨站脚本漏洞 |
IV. Related Vulnerabilities
Same product: Ghost
- CVE-2026-29784
Ghost: Incomplete CSRF protections around OTC use - CVE-2026-29053
Ghost Vulnerable to Remote Code Execution via Malicious Them - CVE-2026-26365
Akamai Ghost 环境问题漏洞 - CVE-2026-26980
Ghost has a SQL Injection in its Content API - CVE-2026-24778
Ghost vulnerable to XSS via malicious Portal preview links
Same weakness: CWE-453
- CVE-2026-41330
OpenClaw < 2026.3.31 - Environment Variable Override via Hos - CVE-2025-61926
Allstar Reviewbot has Authentication Bypass via Hard-coded W - CVE-2025-47945
Donetick Has Weak Default JWT Secret - CVE-2024-49120
Windows Remote Desktop Services Remote Code Execution Vulner - CVE-2024-39916
NFS server misconfiguration allows file access outside the e
V. Comments for CVE-2022-47196
No comments yet