Publify_project Publify

13 CVEs affecting Publify_project Publify. Latest disclosed: 2023-01-29. Critical: 2, High: 1.

Top CVEs affecting Publify_project Publify
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-0299 | Critical | 9.8 | 2023-01-14 | Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. |
| CVE-2022-1812 | Critical | 9.8 | 2023-01-14 | Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. |
| CVE-2022-0524 | High | 7.5 | 2022-02-08 | Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. |
| CVE-2023-0569 | Medium | 6.5 | 2023-01-29 | Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. |
| CVE-2022-2815 | Medium | 6.5 | 2023-01-14 | Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. |
| CVE-2022-0578 | Medium | 6.5 | 2022-05-16 | Code Injection in GitHub repository publify/publify prior to 9.2.8. |
| CVE-2022-0574 | Medium | 6.5 | 2022-05-16 | Improper Access Control in GitHub repository publify/publify prior to 9.2.8. |
| CVE-2021-25973 | Medium | 6.5 | 2021-11-02 | In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happen… |
| CVE-2022-1811 | Medium | 5.4 | 2022-05-23 | Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. |
| CVE-2021-25975 | Medium | 5.4 | 2021-11-10 | In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to… |
| CVE-2021-25974 | Medium | 5.4 | 2021-11-10 | In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while… |
| CVE-2022-1553 | Medium | 4.9 | 2022-05-16 | Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vul… |
| CVE-2022-1810 | Medium | 4.3 | 2022-05-23 | Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. |