Show filters
14 Total Results
Displaying 11-14 of 14
Sort by:
Attacker Value
Unknown

CVE-2021-25974

Disclosure Date: November 10, 2021 (last updated February 23, 2025)
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-25975

Disclosure Date: November 10, 2021 (last updated February 23, 2025)
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-25973

Disclosure Date: November 02, 2021 (last updated February 23, 2025)
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-3211

Disclosure Date: January 09, 2020 (last updated February 21, 2025)
Publify before 8.0.1 is vulnerable to a Denial of Service attack
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous