Lucene search
+L

213 matches found

CVE
CVE
added 2023/01/14 12:0 a.m.73 views

CVE-2022-2815

CVE-2022-2815 affects Publify/publify versions prior to 9.2.10 due to insecure storage of sensitive information in the GitHub repository. The provided sources describe the root cause as insecure storage, implying potential disclosure of sensitive data. Remediation: upgrade to version 9.2.10 or la...

6.5CVSS5.4AI score0.00562EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/14 12:0 a.m.7 views

CVE-2022-2815 Insecure Storage of Sensitive Information in publify/publify

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10...

4.6CVSS6.5AI score0.00562EPSS
Exploits1References2
RubySec
RubySec
added 2023/01/14 12:0 a.m.13 views

Publify Improper Input Validation vulnerability

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10...

9.8CVSS2.5AI score0.00909EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2023/01/14 12:0 a.m.26 views

Publify Core does not strip metadata from images

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10...

6.5CVSS1.4AI score0.00562EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/14 12:0 a.m.8 views

CVE-2022-1812 Integer Overflow or Wraparound in publify/publify

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10...

7.6CVSS9.5AI score0.30778EPSS
Exploits1References2
OSV
OSV
added 2023/01/14 12:0 a.m.19 views

CVE-2022-1812 Integer Overflow or Wraparound in publify/publify

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10...

7.6CVSS7.8AI score0.30778EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/01/14 12:0 a.m.7 views

Publify 输入验证错误漏洞

Publify is a simple but full-featured web publishing software. versions of Publify prior to 9.2.10 contain an input validation error vulnerability that stems from the fact that it allows the insertion of large characters "title name and post field" into the input field of an article field, allowi...

9.8CVSS8AI score0.00909EPSS
Exploits1References3
CVE
CVE
added 2023/01/14 12:0 a.m.76 views

CVE-2023-0299

CVE-2023-0299 involves Publify/publify with an improper input validation vulnerability in the GitHub repository, prior to version 9.2.10. The connected sources consistently describe this as an input validation error that affects Publify when processing article fields (e.g., title and post fields)...

9.8CVSS9.2AI score0.00909EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/01/14 12:0 a.m.23 views

CVE-2022-2815 Insecure Storage of Sensitive Information in publify/publify

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10...

4.6CVSS4.7AI score0.00562EPSS
Exploits1References4
OSV
OSV
added 2023/01/14 12:0 a.m.19 views

CVE-2023-0299 Improper Input Validation in publify/publify

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10...

8.4CVSS8.3AI score0.00909EPSS
Exploits1References4
CNVD
CNVD
added 2022/05/25 12:0 a.m.66 views

Publify arbitrary file upload vulnerability

Publify is a simple but full-featured web publishing software.An arbitrary file upload vulnerability exists in versions of Publify prior to 9.2.9, which stems from the application's lack of validation of uploaded files. An attacker could exploit this vulnerability to upload malicious files to...

3.5CVSS5.1AI score0.00731EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:29 p.m.35 views

Cross site scripting in publify

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

5.4CVSS3.1AI score0.00578EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 10:29 p.m.14 views

GHSA-WMH9-X28J-C6GR Cross site scripting in publify

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

5.4CVSS5.6AI score0.00578EPSS
Exploits0References4
Snyk
Snyk
added 2022/05/24 10:28 p.m.3 views

Cross-site Scripting (XSS)

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to unrestricted file upload. This issue allows a user with a “publisher” role to inject malicious JavaScript code via the...

5.4CVSS5.3AI score0.00578EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 10:28 p.m.25 views

Cross site scripting in publify

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...

5.4CVSS2AI score0.00578EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 10:28 p.m.20 views

GHSA-3H7V-WQW7-FF28 Cross site scripting in publify

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...

5.4CVSS5AI score0.00578EPSS
Exploits0References4
Snyk
Snyk
added 2022/05/24 6:58 a.m.1 views

Cross-site Scripting (XSS)

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS by uploading a specially crafted HTML file. PoC: POST /admin/resources/upload HTTP/1.1 Host: demo-publify.herokuapp.com Cooki...

9.1CVSS5.3AI score0.00731EPSS
Exploits1References2
Snyk
Snyk
added 2022/05/24 6:52 a.m.2 views

Improper Access Control

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Improper Access Control where a low-privileged user can modify and delete admin articles by changing the value of the articleid parameter. Remediation...

9.9CVSS6.8AI score0.00803EPSS
Exploits1References2
Veracode
Veracode
added 2022/05/24 3:8 a.m.23 views

Cross-site Scripting (XSS)

publify is vulnerable to stored cross-site scripting attacks. The vulnerability exists in the resourceuploader.rb due to lack of input validation which allows an attacker to inject and execute arbitrary javascript...

5.4CVSS5.4AI score0.00731EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/24 12:1 a.m.22 views

GHSA-C273-C6VG-4PV5 Publify has Improper Access Controls

A low-privileged user can modify and delete admin articles by changing the value of the articleid parameter prior to 9.2.9...

4.3CVSS4.3AI score0.00803EPSS
Exploits1References5
Rows per page
Query Builder