EPSS
Percentile
36.3%
publify_core is vulnerable to arbitrary code injection. The vulnerability exists in html_postprocess in feedback.rb because the application doesn’t filter the user comments which allows an attacker to inject html codes in the database.
html_postprocess
feedback.rb
github.com/advisories/GHSA-w78q-4w34-jrjx
github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7
github.com/publify/publify/pull/1054
huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc
huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc/