14 matches found
EUVD-2022-2187
Malicious code in bioql PyPI...
EUVD-2022-5598
Malicious code in bioql PyPI...
CVE-2021-25974
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Summary: A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. Details: A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. T...
CVE-2024-39311 Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Publify is a self-hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the publify_core rubygem, a publisher on a publify application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect...
CVE-2024-39311 Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Publify is a self-hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the publify_core rubygem, a publisher on a publify application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect...
CVE-2024-39311 Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Publify is a self-hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the publify_core rubygem, a publisher on a publify application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect...
CVE-2022-1553
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...
PT-2023-16154 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify/publify versions prior to 9.2.10. Description: The issue is related to improper input validation. Recommendations: For versions prior to 9.2.10, update to version 9.2.10 or later to resolve the issue...
Publify Code Issue Vulnerability
Publify is a simple but full-featured web publishing software. A code issue vulnerability exists in Publify that stems from a business logic error in the product. The following products and versions are affected: Publify versions prior to 9.2.7...
CVE-2021-25975 Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...
CVE-2021-25973
In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow it. This happens because the restriction is enforced on the front end only...
Improper access control
In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow it. This happens because the restriction is enforced on the front end only...
CVE-2014-3211
Publify before 8.0.1 is vulnerable to a Denial of Service attack...