2 matches found
PT-2022-13238 · Rubygems +1 · Rubygems +1
Name of the Vulnerable Software and Affected Versions: Publify versions prior to 9.2.7
Description: The issue concerns business logic errors in the Publify repository. This affects the Rubygems typo package as well. There is no information provided about the estimated number of potentially affect...
PT-2021-16899 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify versions v8.0 through v9.2.4
Description: The issue is related to stored XSS due to an unrestricted file upload. This allows a user with the publisher role to inject malicious JavaScript via an uploaded html file.
Recommendations: For...