EXECUTIVE SUMMARY:
A cross-site scripting (XSS) flaw, CVE-2026-24778, has been observed in Ghost CMS and its Portal component. It allows an attacker to craft a specially designed link which, when clicked by an authenticated staff or member user, executes arbitrary JavaScript with the victim's permissions and could lead to account compromise or takeover. The vulnerability affects multiple released versions of Ghost as well as Portal versions. Exploitation is of minimal complexity and requires no privileges, though user interaction is necessary. Patches have been issued in later versions of both Ghost and Portal to remediate the issue, and operators should update to the fixed versions to prevent exploitation. The vulnerability has a CVSS score of 8.8.
RECOMMENDATION:
We strongly recommend that you update Ghost CMS and Portal using the link below:
REFERENCES:
The following reports contain further technical details: