ReportizFlow
Filtered by vendor Publify
Subscriptions
Filtered by product Publify
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39311 | 1 Publify | 2 Publify, Publify Core | 2025-04-14 | 5.4 Medium |
| Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. An attack could attempt to hide their payload by using HTML, or other encodings, as to not make it obvious to an administrator that this is a malicious link. A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator. Version 10.0.1 of Publify and version 10.0.2 of the `publify_core` rubygem fix the issue. | ||||
| CVE-2014-3211 | 1 Publify | 1 Publify | 2025-04-11 | 7.5 High |
| Publify before 8.0.1 is vulnerable to a Denial of Service attack | ||||
Page 1 of 1.