CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2025 — Publify is a self-hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, a publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. An attacker could attempt to hide their payload by using HTML, or other encodings, as to not make it ob... • https://github.com/publify/publify/security/advisories/GHSA-8fm5-gg2f-f66q • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jan 2023 — Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. • https://github.com/publify/publify/commit/8905e4e639cf03b758da558568a86c9816253b2d • CWE-521: Weak Password Requirements

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

14 Jan 2023 — Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. • https://github.com/publify/publify/commit/29a5837c29620e33857d7a5afce01384e3f8e41a • CWE-190: Integer Overflow or Wraparound

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Jan 2023 — Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. • https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd • CWE-922: Insecure Storage of Sensitive Information

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Jan 2023 — Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. • https://github.com/publify/publify/commit/ca46da283572b4f8c0b5aa245008756c8a5fd1b1 • CWE-20: Improper Input Validation

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 May 2022 — Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. • https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 May 2022 — Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. Improper access control in the GitHub repository publify/publify, versions prior to 9.2.9. • https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 May 2022 — Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. • https://github.com/publify/publify/commit/1a78f16f460847274265a12a9555b3524892d7db • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 May 2022 — Code Injection in GitHub repository publify/publify prior to 9.2.8. • https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 May 2022 — Improper Access Control in GitHub repository publify/publify prior to 9.2.8. • https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739 • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization