How severe is CVE-2022-47195?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2022-47195?

This is classified as CWE-453, which is a common weakness in software security.

CVE-2022-47195 - CRITICAL Severity | CVSS 9

Vulnerability Description

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `facebook` field for a user.

Related Vulnerabilities

CVE-2022-47194

CRITICAL

CVSS:9.0(Critical)

CWE-4532022

CVE-2022-47196

CRITICAL

CVSS:9.0(Critical)

CWE-4532022

CVE-2022-47197

CRITICAL

CVSS:9.0(Critical)

CWE-4532022

CVE-2025-47945

CRITICAL

CVSS:9.1(Critical)

Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. Whil...

CWE-4532025

CVE-2024-21411

HIGH

CVSS:8.8(High)

Skype for Consumer Remote Code Execution Vulnerability

CWE-4532024

CVE-2021-27426

CRITICAL

CVSS:9.8(Critical)

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.

CWE-4532021