Publify Project

Publify

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2021-25975

  • EPSS 0.21%
  • Veröffentlicht 10.11.2021 11:15:09
  • Zuletzt bearbeitet 21.11.2024 05:55:42

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file.

5.4

CVE-2021-25974

  • EPSS 0.21%
  • Veröffentlicht 10.11.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 05:55:42

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.

6.5

CVE-2021-25973

  • EPSS 0.16%
  • Veröffentlicht 02.11.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 05:55:42

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.