Moderate severityNVD Advisory· Published Jan 21, 2024· Updated May 30, 2025
CVE-2024-23725
CVE-2024-23725
Description
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ghostnpm | < 5.76.0 | 5.76.0 |
Affected products
3- osv-coords2 versions
< 5.76.0+ 1 more
- (no CPE)range: < 5.76.0
- (no CPE)range: < 5.76.0
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.