Publify is vulnerable to cross-site scripting attacks. The vulnerability exists because resource_uploader.rb does not limit the file types that can be uploaded, which allows an attacker to inject and execute arbitrary JavaScript via uploaded HTML files.
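
An added example, not Publify's code: one way to enforce the missing restriction is an allowlist on both the file extension and the leading bytes, paired with response headers that keep a stored file from being rendered as HTML. The function names, the allowed-type table and the sample uploads are assumptions made for illustration.

```ruby
# Added example; not Publify's code. Names and the allowed-type table are assumptions.

# Extension -> content type the application is willing to store and serve.
ALLOWED_TYPES = {
  ".png" => "image/png", ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg",
  ".gif" => "image/gif", ".pdf" => "application/pdf"
}.freeze

# Leading bytes expected for each allowed content type.
MAGIC = {
  "image/png"       => "\x89PNG\r\n\x1A\n".b,
  "image/jpeg"      => "\xFF\xD8\xFF".b,
  "image/gif"       => "GIF8".b,
  "application/pdf" => "%PDF-".b
}.freeze

# Returns the content type to record for the upload, or nil to reject it.
# .html, .svg, .js and anything else off the list never reach storage.
def vetted_content_type(filename, data)
  type = ALLOWED_TYPES[File.extname(filename.to_s).downcase]
  return nil unless type
  # A renamed HTML file (page.html -> page.png) fails the leading-bytes check.
  return nil unless data.to_s.b.start_with?(MAGIC.fetch(type))
  type
end

# Headers for serving a stored upload. The type comes from the allowlist, never
# from the client, and nosniff stops the browser from reinterpreting the body as
# HTML even if extra content follows valid leading bytes.
def serving_headers(type)
  {
    "Content-Type"           => type,
    "X-Content-Type-Options" => "nosniff",
    "Content-Disposition"    => type.start_with?("image/") ? "inline" : "attachment"
  }
end

# Constructed sample uploads (not taken from any real report).
SAMPLES = {
  "photo.png" => "\x89PNG\r\n\x1A\n(constructed image bytes)".b,
  "page.html" => "<html><body>constructed</body></html>",
  "page.png"  => "<html><body>constructed</body></html>"
}.freeze

SAMPLES.each do |name, body|
  type = vetted_content_type(name, body)
  puts "#{name}: #{type ? "accept as #{type}" : "reject"}"
end
```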