← Back

Publify

publify

Vendor: Publify • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-39311
1Publify
2Publify
Publify Core
Apr 14, 2025
Mar 28, 2025
1.8 LOW· v4
5.4 MEDIUM· v3
N/A· v2
Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perf...Show more
Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. An attack could attempt to hide their payload by using HTML, or other encodings, as to not make it obvious to an administrator that this is a malicious link. A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator. Version 10.0.1 of Publify and version 10.0.2 of the `publify_core` rubygem fix the issue.Show less
CVE-2014-3211
1Publify
1Publify
Apr 11, 2025
Jan 9, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Publify before 8.0.1 is vulnerable to a Denial of Service attack