Vulnerabilities (CVE)

Filtered by vendor Publify Project Subscribe
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0569 1 Publify Project 1 Publify 2024-11-21 N/A 6.5 MEDIUM
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
CVE-2023-0299 1 Publify Project 1 Publify 2024-11-21 N/A 9.8 CRITICAL
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
CVE-2022-2815 1 Publify Project 1 Publify 2024-11-21 N/A 6.5 MEDIUM
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
CVE-2022-1812 1 Publify Project 1 Publify 2024-11-21 N/A 9.8 CRITICAL
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
CVE-2022-1811 1 Publify Project 1 Publify 2024-11-21 3.5 LOW 5.4 MEDIUM
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
CVE-2022-1810 1 Publify Project 1 Publify 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
CVE-2022-1553 1 Publify Project 1 Publify 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users.
CVE-2022-0578 1 Publify Project 1 Publify 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
Code Injection in GitHub repository publify/publify prior to 9.2.8.
CVE-2022-0574 1 Publify Project 1 Publify 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
CVE-2022-0524 1 Publify Project 1 Publify 2024-11-21 5.0 MEDIUM 7.5 HIGH
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
CVE-2021-25975 1 Publify Project 1 Publify 2024-11-21 3.5 LOW 5.4 MEDIUM
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file.
CVE-2021-25974 1 Publify Project 1 Publify 2024-11-21 3.5 LOW 5.4 MEDIUM
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
CVE-2021-25973 1 Publify Project 1 Publify 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.
CVE-2014-3211 1 Publify Project 1 Publify 2024-11-21 5.0 MEDIUM 7.5 HIGH
Publify before 8.0.1 is vulnerable to a Denial of Service attack