RSS   Vulnerabilities for 'Publify'   RSS

2022-05-23
 
CVE-2022-1810

CWE-732
 

 
Improper Access Control in GitHub repository publify/publify prior to 9.2.9.

 
2022-05-16
 
CVE-2022-0574

CWE-863
 

 
Improper Access Control in GitHub repository publify/publify prior to 9.2.8.

 
 
CVE-2022-0578

CWE-94
 

 
Code Injection in GitHub repository publify/publify prior to 9.2.8.

 
2022-02-08
 
CVE-2022-0524

CWE-840
 

 
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.

 
2021-11-10
 
CVE-2021-25974

CWE-79
 

 
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a �??publisher�?� role is able to inject and execute arbitrary JavaScript code while creating a page/article.

 
 
CVE-2021-25975

CWE-79
 

 
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with �??publisher�?� role to inject malicious JavaScript via the uploaded html file.

 
2021-11-02
 
CVE-2021-25973

CWE-863
 

 
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. �??guest�?� role users can self-register even when the admin does not allow. This happens due to front-end restriction only.

 
2020-01-09
 
CVE-2014-3211

CWE-400
 

 
Publify before 8.0.1 is vulnerable to a Denial of Service attack

 


Copyright 2024, cxsecurity.com

 

Back to Top