Product:

Publify

(Publify_project)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 14
Date Id Summary Products Score Patch Annotated
2021-11-02 CVE-2021-25973 In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only. Publify 6.5
2021-11-10 CVE-2021-25974 In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. Publify 5.4
2021-11-10 CVE-2021-25975 In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file. Publify 5.4
2022-02-08 CVE-2022-0524 Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. Publify 7.5
2022-05-16 CVE-2022-0574 Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Publify 6.5
2022-05-16 CVE-2022-0578 Code Injection in GitHub repository publify/publify prior to 9.2.8. Publify 6.5
2022-05-16 CVE-2022-1553 Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. Publify 4.9
2022-05-23 CVE-2022-1810 Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. Publify 4.3
2022-05-23 CVE-2022-1811 Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. Publify 5.4
2023-01-14 CVE-2022-1812 Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. Publify 9.8