The vulnerability was explicitly patched by adding `_.escape()` to `excerptText` in `excerpt.js`. The helper function's core responsibility is processing post excerpts for display, and the absence of output encoding made it directly vulnerable to XSS. The commit message and CVE description both confirm the vulnerability stemmed from unescaped excerpt rendering in this specific helper.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ghost | npm | < 5.76.0 | 5.76.0 |
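
The effect of the fix described above, shown as an added example that is not Ghost's own code: a simplified excerpt helper before and after output encoding. The function names, the `custom_excerpt`/`excerpt` field names, the word-truncation step and the sample post are assumptions, and `escapeHtml` is a dependency-free stand-in for lodash's `_.escape()`.

```javascript
// Added illustration, not Ghost's source.
// escapeHtml encodes the same five characters as lodash's _.escape(): & < > " '
const HTML_ESCAPES = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'};

function escapeHtml(value) {
    return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Hypothetical truncation step: keep at most `words` whitespace-separated words.
function truncateWords(text, words) {
    return text.trim().split(/\s+/).slice(0, words).join(' ');
}

// "Before": the excerpt text is returned as-is and ends up in the page markup.
function excerptUnescaped(post, words = 50) {
    const excerptText = post.custom_excerpt || post.excerpt || '';
    return truncateWords(excerptText, words);
}

// "After": same logic, but the text is output-encoded before it is returned.
// Escaping happens after truncation so an entity such as &amp; is never cut in half.
function excerptEscaped(post, words = 50) {
    const excerptText = post.custom_excerpt || post.excerpt || '';
    return escapeHtml(truncateWords(excerptText, words));
}

// Assumption: the helper's return value is placed into HTML without further escaping.
function renderCard(excerptHtml) {
    return `<p class="excerpt">${excerptHtml}</p>`;
}

// Constructed sample post whose excerpt contains markup and special characters.
const samplePost = {custom_excerpt: 'Launch notes <script>alert(1)</script> & "more"'};

console.log('before:', renderCard(excerptUnescaped(samplePost)));
console.log('after: ', renderCard(excerptEscaped(samplePost)));
```

In the "after" output the excerpt is rendered as visible text; the browser no longer parses it as markup.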