CVE-2026-53950: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TryGhost Ghost
A cross-site scripting (XSS) vulnerability exists in the ActivityPub client of TryGhost Ghost prior to version 3.1.0. This vulnerability allows JavaScript injection via posts shared by a maliciously customized ActivityPub server. The issue is fixed in version 3.1.0.
AI Analysis
Technical Summary
The @tryghost/activitypub client app in Ghost versions before 3.1.0 is vulnerable to improper neutralization of input during web page generation (CWE-79), enabling JavaScript injection through malicious ActivityPub posts. This vulnerability was assigned CVE-2026-53950 and has a CVSS 3.1 base score of 7.5, indicating high severity. The vulnerability is resolved in Ghost version 3.1.0.
Potential Impact
Successful exploitation can lead to high impact including confidentiality, integrity, and availability compromise due to JavaScript injection. This can result in unauthorized actions performed in the context of the victim's browser session when viewing malicious ActivityPub posts.
Mitigation Recommendations
Upgrade to Ghost version 3.1.0 or later where this vulnerability is fixed. Patch status is not explicitly stated beyond the fix in 3.1.0, so applying this update is the recommended remediation.
CVE-2026-53950: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TryGhost Ghost
Description
A cross-site scripting (XSS) vulnerability exists in the ActivityPub client of TryGhost Ghost prior to version 3.1.0. This vulnerability allows JavaScript injection via posts shared by a maliciously customized ActivityPub server. The issue is fixed in version 3.1.0.
CVSS v3.1
Score 7.5high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The @tryghost/activitypub client app in Ghost versions before 3.1.0 is vulnerable to improper neutralization of input during web page generation (CWE-79), enabling JavaScript injection through malicious ActivityPub posts. This vulnerability was assigned CVE-2026-53950 and has a CVSS 3.1 base score of 7.5, indicating high severity. The vulnerability is resolved in Ghost version 3.1.0.
Potential Impact
Successful exploitation can lead to high impact including confidentiality, integrity, and availability compromise due to JavaScript injection. This can result in unauthorized actions performed in the context of the victim's browser session when viewing malicious ActivityPub posts.
Mitigation Recommendations
Upgrade to Ghost version 3.1.0 or later where this vulnerability is fixed. Patch status is not explicitly stated beyond the fix in 3.1.0, so applying this update is the recommended remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-11T15:50:01.281Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3c2387748d17fc4ff2f775
Added to database: 06/24/2026, 18:35:51 UTC
Last enriched: 06/24/2026, 18:50:28 UTC
Last updated: 06/24/2026, 18:50:28 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.