213 matches found
The publify application allows large characters to insert in the input field "title name and post field" on the article field which can allow attackers to cause a Denial of Service (DoS)
Description Please enter a description of the vulnerability. Proof of Concept 1 - Create New article https://demo-publify.herokuapp.com/admin/content/new 2 - Fill the title name and post field with huge characters, more than 1 lakh Copy the below payload and put it in the input fields and click o...
Publify Access Control Error Vulnerability
Publify is a simple but full-featured web publishing software.An access control error vulnerability exists in versions of Publify prior to 9.2.8. The vulnerability stems from an access control error in draft mode, which could be exploited by an attacker to comment on articles in draft mode...
Publify code injection vulnerability
Publify is a simple but full-featured web publishing software.A code injection vulnerability exists in versions of Publify prior to 9.2.8, which stems from the existence of a code injection vulnerability, for which no detailed vulnerability details are currently available...
Publify Information Disclosure Vulnerability
Publify is a simple but full-featured web publishing software.An information disclosure vulnerability exists in versions of Publify prior to 9.2.8. The vulnerability stems from the content of an article revealing a password in the response meta tag, which could be exploited by an attacker to view...
GHSA-VQ74-9583-HRM4 Publify vulnerable to DoS attack
Publify before 8.0.1 is vulnerable to a Denial of Service attack...
Publify vulnerable to DoS attack
Publify before 8.0.1 is vulnerable to a Denial of Service attack...
Cross-site Scripting (XSS)
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper validation of comments, which makes it possible for an attacker to inject an HTML code. PoC: Details Cross-si...
Information Exposure
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Information Exposure. When a request is made to a password-protected article, the UI shows it requires a password to view content, but the content of...
Improper Access Control
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Improper Access Control where it is possible for anonymous users to leave comments on an article in draft mode. Remediation Upgrade publifycore to...
Publify exposes article metadata
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...
GHSA-5JM7-G527-M694 Publify exposes article metadata
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...
Publify vulnerable to code injection
Code Injection in GitHub repository publify/publify prior to 9.2.8...
GHSA-W78Q-4W34-JRJX Publify vulnerable to code injection
Code Injection in GitHub repository publify/publify prior to 9.2.8...
GHSA-79M3-Q3WH-C3QM Publify Incorrect Authorization
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...
Article metadata exposure in publify
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...
Incorrect Authorization in publify
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...
Code injection in publify
Code Injection in GitHub repository publify/publify prior to 9.2.8...
CVE-2022-1553
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...
CVE-2022-0574
Improper Access Control in GitHub repository publify/publify prior to 9.2.8...
CVE-2022-0578
Code Injection in GitHub repository publify/publify prior to 9.2.8...