21 matches found
EUVD-2022-5598
Malicious code in bioql PyPI...
PT-2025-39175
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authenticated stored cross-site scripting XSS issue exists because of insufficient validation of user-provided input when uploading API documents within the Publisher portal. An...
CVE-2021-25975
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...
CVE-2021-25974
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via viewunpushedbundles.jsp...
BIT-PUBLIFY-2021-25974
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
GHSA-WMH9-X28J-C6GR Cross site scripting in publify
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
Cross site scripting in publify
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...
Cross-site Scripting (XSS)
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to unrestricted file upload. This issue allows a user with a “publisher” role to inject malicious JavaScript code via the...
Cross-site Scripting (XSS)
publifycore is vulnerable to cross-site scripting. An attacker with a publisher role can inject and execute malicious javascript while creating a page or article...
Cross-site Scripting (XSS)
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. Detail...
CVE-2021-25975
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...
Design/Logic Flaw
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
CVE-2021-25974 Publify - Stored Cross-Site Scripting (XSS) in Editor
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
PT-2021-16899 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify versions v8.0 through v9.2.4 Description: The issue is related to stored XSS due to an unrestricted file upload. This allows a user with the publisher role to inject malicious JavaScript via an uploaded html file. Recommendations: For...
PT-2021-16898 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: Publify versions v8.0 through v9.2.4 Description: The issue allows a user with a publisher role to inject and execute arbitrary JavaScript code, enabling stored XSS attacks. This can occur while creating a page or article, potentially through...
CVE-2020-15248
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user ha...
October CMS Permission and Access Control Issues Vulnerability
October CMS is an open source content management system CMS based on PHP and the Laravel web application framework. A security vulnerability exists in October 1.0.319 and versions prior to 1.0.470, which stems from the fact that back-end users with the default "Publisher" system role can create a...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via viewunpushedbundles.jsp...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via viewunpushedbundles.jsp...