213 matches found
CVE-2022-2815
CVE-2022-2815 affects Publify/publify versions prior to 9.2.10 due to insecure storage of sensitive information in the GitHub repository. The provided sources describe the root cause as insecure storage, implying potential disclosure of sensitive data. Remediation: upgrade to version 9.2.10 or la...
CVE-2022-2815 Insecure Storage of Sensitive Information in publify/publify
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10...
Publify Improper Input Validation vulnerability
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10...
Publify Core does not strip metadata from images
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10...
CVE-2022-1812 Integer Overflow or Wraparound in publify/publify
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10...
CVE-2022-1812 Integer Overflow or Wraparound in publify/publify
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10...
Publify 输入验证错误漏洞
Publify is a simple but full-featured web publishing software. versions of Publify prior to 9.2.10 contain an input validation error vulnerability that stems from the fact that it allows the insertion of large characters "title name and post field" into the input field of an article field, allowi...
CVE-2023-0299
CVE-2023-0299 involves Publify/publify with an improper input validation vulnerability in the GitHub repository, prior to version 9.2.10. The connected sources consistently describe this as an input validation error that affects Publify when processing article fields (e.g., title and post fields)...
CVE-2022-2815 Insecure Storage of Sensitive Information in publify/publify
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10...
CVE-2023-0299 Improper Input Validation in publify/publify
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10...
Publify arbitrary file upload vulnerability
Publify is a simple but full-featured web publishing software.An arbitrary file upload vulnerability exists in versions of Publify prior to 9.2.9, which stems from the application's lack of validation of uploaded files. An attacker could exploit this vulnerability to upload malicious files to...
Cross site scripting in publify
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
GHSA-WMH9-X28J-C6GR Cross site scripting in publify
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
Cross-site Scripting (XSS)
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to unrestricted file upload. This issue allows a user with a “publisher” role to inject malicious JavaScript code via the...
Cross site scripting in publify
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...
GHSA-3H7V-WQW7-FF28 Cross site scripting in publify
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...
Cross-site Scripting (XSS)
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS by uploading a specially crafted HTML file. PoC: POST /admin/resources/upload HTTP/1.1 Host: demo-publify.herokuapp.com Cooki...
Improper Access Control
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Improper Access Control where a low-privileged user can modify and delete admin articles by changing the value of the articleid parameter. Remediation...
Cross-site Scripting (XSS)
publify is vulnerable to stored cross-site scripting attacks. The vulnerability exists in the resourceuploader.rb due to lack of input validation which allows an attacker to inject and execute arbitrary javascript...
GHSA-C273-C6VG-4PV5 Publify has Improper Access Controls
A low-privileged user can modify and delete admin articles by changing the value of the articleid parameter prior to 9.2.9...