4 matches found
CVE-2021-25974
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
CVE-2021-25974
creationtimestamp| type| source ---|---|--- 2021-11-10 14:36:22+00:00| seen| https://t.me/cibsecurity/32148...
CVE-2021-25974 Publify - Stored Cross-Site Scripting (XSS) in Editor
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
CVE-2021-25974
CVE-2021-25974 affects Publify versions 8.0–9.2.4 and involves stored XSS in page/article creation (and, per related notes, via unrestricted file upload). A user with a publisher role can inject/execute arbitrary JavaScript; no remediation details are provided in the supplied documents. Monitor f...