Lucene search
+L

213 matches found

Huntr
Huntr
added 2022/05/22 8:47 p.m.27 views

The publify application allows large characters to insert in the input field "title name and post field" on the article field which can allow attackers to cause a Denial of Service (DoS)

Description Please enter a description of the vulnerability. Proof of Concept 1 - Create New article https://demo-publify.herokuapp.com/admin/content/new 2 - Fill the title name and post field with huge characters, more than 1 lakh Copy the below payload and put it in the input fields and click o...

7.5CVSS8.9AI score0.00909EPSS
Exploits1
CNVD
CNVD
added 2022/05/18 12:0 a.m.59 views

Publify Access Control Error Vulnerability

Publify is a simple but full-featured web publishing software.An access control error vulnerability exists in versions of Publify prior to 9.2.8. The vulnerability stems from an access control error in draft mode, which could be exploited by an attacker to comment on articles in draft mode...

6.4CVSS5AI score0.00804EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/18 12:0 a.m.17 views

Publify code injection vulnerability

Publify is a simple but full-featured web publishing software.A code injection vulnerability exists in versions of Publify prior to 9.2.8, which stems from the existence of a code injection vulnerability, for which no detailed vulnerability details are currently available...

6.5CVSS3.4AI score0.00855EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/18 12:0 a.m.46 views

Publify Information Disclosure Vulnerability

Publify is a simple but full-featured web publishing software.An information disclosure vulnerability exists in versions of Publify prior to 9.2.8. The vulnerability stems from the content of an article revealing a password in the response meta tag, which could be exploited by an attacker to view...

4CVSS3AI score0.01192EPSS
Exploits1Affected Software1
OSV
OSV
added 2022/05/17 7:57 p.m.12 views

GHSA-VQ74-9583-HRM4 Publify vulnerable to DoS attack

Publify before 8.0.1 is vulnerable to a Denial of Service attack...

7.5CVSS7.4AI score0.01083EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 7:57 p.m.22 views

Publify vulnerable to DoS attack

Publify before 8.0.1 is vulnerable to a Denial of Service attack...

7.5CVSS6.8AI score0.01083EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2022/05/17 10:12 a.m.1 views

Cross-site Scripting (XSS)

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper validation of comments, which makes it possible for an attacker to inject an HTML code. PoC: Details Cross-si...

6.5CVSS5.2AI score0.00855EPSS
Exploits1References2
Snyk
Snyk
added 2022/05/17 10:7 a.m.2 views

Information Exposure

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Information Exposure. When a request is made to a password-protected article, the UI shows it requires a password to view content, but the content of...

8.8CVSS6.9AI score0.01192EPSS
Exploits1References2
Snyk
Snyk
added 2022/05/17 9:59 a.m.2 views

Improper Access Control

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Improper Access Control where it is possible for anonymous users to leave comments on an article in draft mode. Remediation Upgrade publifycore to...

6.5CVSS6.8AI score0.00804EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/05/17 12:1 a.m.29 views

Publify exposes article metadata

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...

8.8CVSS5.5AI score0.01192EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/05/17 12:1 a.m.23 views

GHSA-5JM7-G527-M694 Publify exposes article metadata

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...

4.9CVSS4.9AI score0.01192EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/17 12:1 a.m.23 views

Publify vulnerable to code injection

Code Injection in GitHub repository publify/publify prior to 9.2.8...

6.5CVSS6.8AI score0.00855EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/05/17 12:1 a.m.21 views

GHSA-W78Q-4W34-JRJX Publify vulnerable to code injection

Code Injection in GitHub repository publify/publify prior to 9.2.8...

6.5CVSS6.6AI score0.00855EPSS
Exploits1References5
OSV
OSV
added 2022/05/17 12:1 a.m.28 views

GHSA-79M3-Q3WH-C3QM Publify Incorrect Authorization

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...

6.5CVSS6.3AI score0.00804EPSS
Exploits1References5
RubySec
RubySec
added 2022/05/17 12:0 a.m.17 views

Article metadata exposure in publify

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...

8.8CVSS4.4AI score0.01192EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/17 12:0 a.m.15 views

Incorrect Authorization in publify

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...

6.5CVSS4.4AI score0.00804EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/17 12:0 a.m.14 views

Code injection in publify

Code Injection in GitHub repository publify/publify prior to 9.2.8...

6.5CVSS7.6AI score0.00855EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.5 views

CVE-2022-1553

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...

8.8CVSS6.8AI score0.01192EPSS
Exploits1References3
NVD
NVD
added 2022/05/16 3:15 p.m.30 views

CVE-2022-0574

Improper Access Control in GitHub repository publify/publify prior to 9.2.8...

6.5CVSS0.00804EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.6 views

CVE-2022-0578

Code Injection in GitHub repository publify/publify prior to 9.2.8...

6.5CVSS6AI score0.00855EPSS
Exploits1References3
Rows per page
Query Builder