Filtered by vendor Publify Project
Subscriptions
Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0569 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | ||||
CVE-2023-0299 | 1 Publify Project | 1 Publify | 2024-11-21 | 9.8 Critical |
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. | ||||
CVE-2022-2815 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | ||||
CVE-2022-1812 | 1 Publify Project | 1 Publify | 2024-11-21 | 9.8 Critical |
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. | ||||
CVE-2022-1811 | 1 Publify Project | 1 Publify | 2024-11-21 | 5.4 Medium |
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | ||||
CVE-2022-1810 | 1 Publify Project | 1 Publify | 2024-11-21 | 4.3 Medium |
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. | ||||
CVE-2022-1553 | 1 Publify Project | 1 Publify | 2024-11-21 | 4.9 Medium |
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. | ||||
CVE-2022-0578 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
Code Injection in GitHub repository publify/publify prior to 9.2.8. | ||||
CVE-2022-0574 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. | ||||
CVE-2022-0524 | 1 Publify Project | 1 Publify | 2024-11-21 | 7.5 High |
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. | ||||
CVE-2021-25975 | 1 Publify Project | 1 Publify | 2024-11-21 | 5.4 Medium |
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file. | ||||
CVE-2021-25974 | 1 Publify Project | 1 Publify | 2024-11-21 | 5.4 Medium |
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. | ||||
CVE-2021-25973 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only. | ||||
CVE-2014-3211 | 1 Publify Project | 1 Publify | 2024-11-21 | 7.5 High |
Publify before 8.0.1 is vulnerable to a Denial of Service attack |
Page 1 of 1.