Lucene search
K
Publify ProjectPublify

13 matches found

CVE
CVE
added 2022/05/23 1:30 p.m.112 views

CVE-2022-1811

CVE-2022-1811 applies to Publify/Publify prior to 9.2.9. The vulnerability is an unrestricted upload of a file with a dangerous type due to insufficient validation of uploaded files in the application, enabling potential remote code execution. Affected software: Publify (GitHub repo publify/publi...

9.1CVSS5.8AI score0.00715EPSS
CVE
CVE
added 2022/05/16 2:31 p.m.102 views

CVE-2022-1553

CVE-2022-1553 affects Publify (publify/publify) prior to 9.2.8. The vulnerability arises from improper access control that can disclose the contents of password‑protected articles, compromising confidentiality and integrity. Documents consistently describe information disclosure via article conte...

8.8CVSS5.4AI score0.01166EPSS
CVE
CVE
added 2022/05/16 2:31 p.m.95 views

CVE-2022-0574

Summary: CVE-2022-0574 affects Publify (publify/publify) prior to version 9.2.8 and is due to improper access control. The vulnerability allows anonymous users to leave comments on articles in draft mode, which should not be possible. The available documents describe the issue as an access‑contro...

6.5CVSS5.7AI score0.00787EPSS
CVE
CVE
added 2022/05/16 2:31 p.m.95 views

CVE-2022-0578

The CVE-2022-0578 entry relates to a code injection vulnerability in Publify/publify prior to version 9.2.8. Affected software is Publify (GitHub repository publify/publify). The connected records consistently describe it as a code injection issue but do not provide concrete details on the root c...

6.5CVSS6AI score0.00837EPSS
CVE
CVE
added 2023/01/29 12:0 a.m.91 views

CVE-2023-0569

CVE-2023-0569 affects publify/publify prior to version 9.2.10. The issue is described as weak password requirements in the GitHub repository Publify. Affected component: authentication/password policy within Publify. Impact noted in multiple feeds as a security vulnerability allowing weak passwor...

8.1CVSS6.7AI score0.007EPSS
CVE
CVE
added 2022/05/23 12:0 a.m.90 views

CVE-2022-1810

CVE-2022-1810 affects Publify/publify before 9.2.9, where an authorization bypass is possible through a user-controlled key. The issue concerns access control of admin content, enabling a low-privilege user to modify/delete administrator posts. Affected product: Publify web publishing software. R...

9.9CVSS4.9AI score0.00786EPSS
CVE
CVE
added 2021/11/10 11:10 a.m.86 views

CVE-2021-25974

CVE-2021-25974 affects Publify versions 8.0–9.2.4 and involves stored XSS in page/article creation (and, per related notes, via unrestricted file upload). A user with a publisher role can inject/execute arbitrary JavaScript; no remediation details are provided in the supplied documents. Monitor f...

5.4CVSS5.6AI score0.00578EPSS
CVE
CVE
added 2021/11/02 6:55 a.m.79 views

CVE-2021-25973

Affected software: Publify (versions 9.0.0.pre1–9.2.4). Vulnerability type: Improper Access Control allowing a guest user to self-register even when the admin disallows it, resulting from front-end restriction rather than server-side controls. Impact (as described): Guest users can create account...

6.5CVSS6.3AI score0.008EPSS
CVE
CVE
added 2022/02/08 10:0 p.m.79 views

CVE-2022-0524

CVE-2022-0524 concerns business logic errors in Publify (Typo) prior to version 9.2.7. Multiple sources confirm the issue affects the Publify repository and Rubygems packaging, with remediation to update to 9.2.7 or later. The available documents describe the vulnerability class as business logic...

7.5CVSS6.8AI score0.01567EPSS
CVE
CVE
added 2023/01/14 12:0 a.m.75 views

CVE-2022-1812

CVE-2022-1812 affects the Publify web publishing software, specifically the GitHub repository publify/publify prior to version 9.2.10. The issue is an Integer Overflow or Wraparound in Publify, with root cause tied to an overflow risk (and an extended note from GHSA/RH and OSV sources) related to...

9.8CVSS8.7AI score0.30778EPSS
CVE
CVE
added 2021/11/10 11:10 a.m.71 views

CVE-2021-25975

CVE-2021-25975 affects Publify (versions 8.0–9.2.4). Root cause is an unrestricted file upload that enables stored XSS via a uploaded HTML file, exploitable by a user with publisher role. Documents confirm the vulnerability and impacted release range; no explicit remediation or in-the-wild exploi...

5.4CVSS5.1AI score0.00578EPSS
CVE
CVE
added 2023/01/14 12:0 a.m.71 views

CVE-2023-0299

CVE-2023-0299 involves Publify/publify with an improper input validation vulnerability in the GitHub repository, prior to version 9.2.10. The connected sources consistently describe this as an input validation error that affects Publify when processing article fields (e.g., title and post fields)...

9.8CVSS9.2AI score0.00909EPSS
CVE
CVE
added 2023/01/14 12:0 a.m.70 views

CVE-2022-2815

CVE-2022-2815 affects Publify/publify versions prior to 9.2.10 due to insecure storage of sensitive information in the GitHub repository. The provided sources describe the root cause as insecure storage, implying potential disclosure of sensitive data. Remediation: upgrade to version 9.2.10 or la...

6.5CVSS5.4AI score0.00562EPSS