Filtered by vendor Publify Project
Subscribe
Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0569 | 1 Publify Project | 1 Publify | 2024-11-21 | N/A | 6.5 MEDIUM |
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | |||||
CVE-2023-0299 | 1 Publify Project | 1 Publify | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. | |||||
CVE-2022-2815 | 1 Publify Project | 1 Publify | 2024-11-21 | N/A | 6.5 MEDIUM |
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | |||||
CVE-2022-1812 | 1 Publify Project | 1 Publify | 2024-11-21 | N/A | 9.8 CRITICAL |
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. | |||||
CVE-2022-1811 | 1 Publify Project | 1 Publify | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | |||||
CVE-2022-1810 | 1 Publify Project | 1 Publify | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. | |||||
CVE-2022-1553 | 1 Publify Project | 1 Publify | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. | |||||
CVE-2022-0578 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
Code Injection in GitHub repository publify/publify prior to 9.2.8. | |||||
CVE-2022-0574 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. | |||||
CVE-2022-0524 | 1 Publify Project | 1 Publify | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. | |||||
CVE-2021-25975 | 1 Publify Project | 1 Publify | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file. | |||||
CVE-2021-25974 | 1 Publify Project | 1 Publify | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. | |||||
CVE-2021-25973 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only. | |||||
CVE-2014-3211 | 1 Publify Project | 1 Publify | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Publify before 8.0.1 is vulnerable to a Denial of Service attack |