Lucene search
K

21 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5598

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00578EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.5 views

PT-2025-39175

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authenticated stored cross-site scripting XSS issue exists because of insufficient validation of user-provided input when uploading API documents within the Publisher portal. An...

4.8CVSS5.4AI score0.00173EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.7 views

CVE-2021-25975

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...

5.4CVSS5.7AI score0.00578EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:27 p.m.10 views

CVE-2021-25974

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

5.4CVSS7.1AI score0.00578EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:3 a.m.7 views

CVE-2019-12872

dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via viewunpushedbundles.jsp...

7.2CVSS7.8AI score0.01276EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:4 a.m.14 views

BIT-PUBLIFY-2021-25974

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

5.4CVSS5.6AI score0.00578EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 10:29 p.m.14 views

GHSA-WMH9-X28J-C6GR Cross site scripting in publify

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

5.4CVSS5.6AI score0.00578EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 10:28 p.m.24 views

Cross site scripting in publify

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...

5.4CVSS2AI score0.00578EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2022/05/24 10:28 p.m.3 views

Cross-site Scripting (XSS)

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to unrestricted file upload. This issue allows a user with a “publisher” role to inject malicious JavaScript code via the...

5.4CVSS5.3AI score0.00578EPSS
Exploits0References2
Veracode
Veracode
added 2021/11/11 4:13 a.m.18 views

Cross-site Scripting (XSS)

publifycore is vulnerable to cross-site scripting. An attacker with a publisher role can inject and execute malicious javascript while creating a page or article...

5.4CVSS1.9AI score0.00578EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2021/11/10 12:40 p.m.5 views

Cross-site Scripting (XSS)

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. Detail...

5.4CVSS5.6AI score0.00578EPSS
Exploits0References2
NVD
NVD
added 2021/11/10 11:15 a.m.17 views

CVE-2021-25975

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...

5.4CVSS0.00578EPSS
Exploits0References2
Prion
Prion
added 2021/11/10 11:15 a.m.12 views

Design/Logic Flaw

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

3.5CVSS5.7AI score0.00578EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/11/10 11:10 a.m.5 views

CVE-2021-25974 Publify - Stored Cross-Site Scripting (XSS) in Editor

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

5.4CVSS7AI score0.00578EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/11/10 12:0 a.m.3 views

PT-2021-16899 · Publify · Publify

Name of the Vulnerable Software and Affected Versions: publify versions v8.0 through v9.2.4 Description: The issue is related to stored XSS due to an unrestricted file upload. This allows a user with the publisher role to inject malicious JavaScript via an uploaded html file. Recommendations: For...

5.4CVSS5.2AI score0.00578EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2021/11/10 12:0 a.m.3 views

PT-2021-16898 · Publify · Publify

Name of the Vulnerable Software and Affected Versions: Publify versions v8.0 through v9.2.4 Description: The issue allows a user with a publisher role to inject and execute arbitrary JavaScript code, enabling stored XSS attacks. This can occur while creating a page or article, potentially through...

5.4CVSS5.8AI score0.00578EPSS
Exploits0References12
OSV
OSV
added 2020/11/23 8:15 p.m.14 views

CVE-2020-15248

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user ha...

4.2CVSS4.7AI score
Exploits0References2
CNNVD
CNNVD
added 2020/11/23 12:0 a.m.8 views

October CMS Permission and Access Control Issues Vulnerability

October CMS is an open source content management system CMS based on PHP and the Laravel web application framework. A security vulnerability exists in October 1.0.319 and versions prior to 1.0.470, which stems from the fact that back-end users with the default "Publisher" system role can create a...

4.6CVSS5.8AI score0.00309EPSS
Exploits0References3
OSV
OSV
added 2019/06/18 2:15 p.m.10 views

CVE-2019-12872

dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via viewunpushedbundles.jsp...

7.2CVSS7.7AI score
Exploits0References2
NVD
NVD
added 2019/06/18 2:15 p.m.17 views

CVE-2019-12872

dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via viewunpushedbundles.jsp...

7.2CVSS7.3AI score0.01276EPSS
Exploits0References2
Rows per page
Query Builder