CVE-2021-25975 – Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload
https://notcve.org/view.php?id=CVE-2021-25975
Publify versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with the “publisher” role to inject malicious JavaScript via an uploaded HTML file. • https://github.com/publify/publify/commit/d99c0870d3dbbfde7febdc6cad33199b84770101 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25974 – Publify - Stored Cross-Site Scripting (XSS) in Editor
https://notcve.org/view.php?id=CVE-2021-25974
Publify versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. • https://github.com/publify/publify/commit/fefd5f76302adcc425b2b6e7e7d23587cfc0083e https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3211
https://notcve.org/view.php?id=CVE-2014-3211
Publify before 8.0.1 is vulnerable to a Denial of Service attack. • https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211 • CWE-400: Uncontrolled Resource Consumption