CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover
Tyler Ramsbey
February 13, 2024
During research on the Ghost CMS application, the Rhino research team identified a Stored Cross-Site Scripting (XSS) vulnerability that can be triggered by a malicious profile image. This can be used for Ghost CMS instance takeover–…
In Part 1 of this post, we discuss common problems in AWS Cognito security, as seen in client environments, which would benefit from automated scanning and exploitation. In Part 2, we walk through our solution: two new modules for Pacu, our…