Rhino Security Labs

Technical Blog

CVE-2024-23724:
Ghost CMS Stored XSS Leading to Owner Takeover

Tyler Ramsbey
February 13, 2024

During research on the Ghost CMS application, the Rhino research team identified a Stored Cross-Site Scripting (XSS) vulnerability which can be triggered by a malicious profile image. This can be used for Ghost CMS instance takeover–…

Silverpeas App: Multiple CVEs leading to File Read on Server

Multiple Vulnerabilities In Extreme Networks ExtremeXOS

Attacking AWS Cognito with Pacu (p1)

David Kutz-Marks

In Part 1 of this post, we discuss common problems in AWS Cognito security, as seen in client environments, which would benefit from automated scanning and exploitation. In Part 2, we walk through our solution: two new modules for Pacu, our…