13 matches found
CVE-2022-1811
CVE-2022-1811 applies to Publify/Publify prior to 9.2.9. The vulnerability is an unrestricted upload of a file with a dangerous type due to insufficient validation of uploaded files in the application, enabling potential remote code execution. Affected software: Publify (GitHub repo publify/publi...
CVE-2022-1553
CVE-2022-1553 affects Publify (publify/publify) prior to 9.2.8. The vulnerability arises from improper access control that can disclose the contents of password‑protected articles, compromising confidentiality and integrity. Documents consistently describe information disclosure via article conte...
CVE-2022-0574
Summary: CVE-2022-0574 affects Publify (publify/publify) prior to version 9.2.8 and is due to improper access control. The vulnerability allows anonymous users to leave comments on articles in draft mode, which should not be possible. The available documents describe the issue as an access‑contro...
CVE-2022-0578
The CVE-2022-0578 entry relates to a code injection vulnerability in Publify/publify prior to version 9.2.8. Affected software is Publify (GitHub repository publify/publify). The connected records consistently describe it as a code injection issue but do not provide concrete details on the root c...
CVE-2023-0569
CVE-2023-0569 affects publify/publify prior to version 9.2.10. The issue is described as weak password requirements in the GitHub repository Publify. Affected component: authentication/password policy within Publify. Impact noted in multiple feeds as a security vulnerability allowing weak passwor...
CVE-2022-1810
CVE-2022-1810 affects Publify/publify before 9.2.9, where an authorization bypass is possible through a user-controlled key. The issue concerns access control of admin content, enabling a low-privilege user to modify/delete administrator posts. Affected product: Publify web publishing software. R...
CVE-2021-25974
CVE-2021-25974 affects Publify versions 8.0–9.2.4 and involves stored XSS in page/article creation (and, per related notes, via unrestricted file upload). A user with a publisher role can inject/execute arbitrary JavaScript; no remediation details are provided in the supplied documents. Monitor f...
CVE-2021-25973
Affected software: Publify (versions 9.0.0.pre1–9.2.4). Vulnerability type: Improper Access Control allowing a guest user to self-register even when the admin disallows it, resulting from front-end restriction rather than server-side controls. Impact (as described): Guest users can create account...
CVE-2022-0524
CVE-2022-0524 concerns business logic errors in Publify (Typo) prior to version 9.2.7. Multiple sources confirm the issue affects the Publify repository and Rubygems packaging, with remediation to update to 9.2.7 or later. The available documents describe the vulnerability class as business logic...
CVE-2022-1812
CVE-2022-1812 affects the Publify web publishing software, specifically the GitHub repository publify/publify prior to version 9.2.10. The issue is an Integer Overflow or Wraparound in Publify, with root cause tied to an overflow risk (and an extended note from GHSA/RH and OSV sources) related to...
CVE-2021-25975
CVE-2021-25975 affects Publify (versions 8.0–9.2.4). Root cause is an unrestricted file upload that enables stored XSS via a uploaded HTML file, exploitable by a user with publisher role. Documents confirm the vulnerability and impacted release range; no explicit remediation or in-the-wild exploi...
CVE-2023-0299
CVE-2023-0299 involves Publify/publify with an improper input validation vulnerability in the GitHub repository, prior to version 9.2.10. The connected sources consistently describe this as an input validation error that affects Publify when processing article fields (e.g., title and post fields)...
CVE-2022-2815
CVE-2022-2815 affects Publify/publify versions prior to 9.2.10 due to insecure storage of sensitive information in the GitHub repository. The provided sources describe the root cause as insecure storage, implying potential disclosure of sensitive data. Remediation: upgrade to version 9.2.10 or la...