EPSS Percentile: 21.4%
Publify is vulnerable to stored cross-site scripting attacks. The vulnerability exists in resource_uploader.rb due to a lack of input validation, which allows an attacker to inject and execute arbitrary JavaScript.
github.com/advisories/GHSA-3hwx-c6cp-q972
github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927
github.com/publify/publify/pull/1066
huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c