CVE-2022-1811

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.

CVE-2022-1553

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity...

CVE-2022-0574

Improper Access Control in GitHub repository publify/publify prior to 9.2.8.

CVE-2022-0578

Code Injection in GitHub repository publify/publify prior to 9.2.8.

CVE-2023-0569

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

CVE-2022-1810

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.

CVE-2021-25973

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.

CVE-2022-0524

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.

CVE-2021-25974

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.

CVE-2022-1812

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.

CVE-2023-0299

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.

CVE-2022-2815

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

CVE-2021-25975

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file.