CVSS: 7.5, AI Score: 7.4, EPSS: 0.001
In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow it. This happens because the restriction is enforced in the front end only.
CVSS: 6.5, AI Score: 6.3, EPSS: 0.001
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
CVSS: 5.4, AI Score: 5.7, EPSS: 0.001
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with the “publisher” role to inject malicious JavaScript via an uploaded HTML file.
CVSS: 5.4, AI Score: 5, EPSS: 0.001
CVSS: 7.5, AI Score: 7.4, EPSS: 0.002
CVSS: 6.5, AI Score: 6.3, EPSS: 0.001
CVSS: 6.5, AI Score: 6.6, EPSS: 0.001
Leak of password-protected article content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the Publify website, compromising confidentiality and integrity...
CVSS: 4.9, AI Score: 5, EPSS: 0.001
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
CVSS: 4.3, AI Score: 4.5, EPSS: 0.001
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
CVSS: 5.4, AI Score: 5.3, EPSS: 0.001
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
CVSS: 9.8, AI Score: 9.4, EPSS: 0.002
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
CVSS: 6.5, AI Score: 6.3, EPSS: 0.001
CVSS: 9.8, AI Score: 9.1, EPSS: 0.002
CVSS: 6.5, AI Score: 6.8, EPSS: 0.001