
    28 vulnerabilities by publify_project

    CVE-2023-0569 (GCVE-0-2023-0569)

    Vulnerability from nvd – Published: 2023-01-29 00:00 – Updated: 2025-03-28 15:43
    VLAI
    Title
    Weak Password Requirements in publify/publify
    Summary
    Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor | Product | Version
    publify | publify/publify | Affected: unspecified, < 9.2.10 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:50.080Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/81b1e1da-10dd-435e-94ae-4bdd41df6df9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/8905e4e639cf03b758da558568a86c9816253b2d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0569",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-28T15:43:29.019008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T15:43:33.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://huntr.com/bounties/81b1e1da-10dd-435e-94ae-4bdd41df6df9"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/81b1e1da-10dd-435e-94ae-4bdd41df6df9"
            },
            {
              "url": "https://github.com/publify/publify/commit/8905e4e639cf03b758da558568a86c9816253b2d"
            }
          ],
          "source": {
            "advisory": "81b1e1da-10dd-435e-94ae-4bdd41df6df9",
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Requirements in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0569",
        "datePublished": "2023-01-29T00:00:00.000Z",
        "dateReserved": "2023-01-29T00:00:00.000Z",
        "dateUpdated": "2025-03-28T15:43:33.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0299 (GCVE-0-2023-0299)

    Vulnerability from nvd – Published: 2023-01-14 00:00 – Updated: 2025-04-07 18:40
    VLAI
    Title
    Improper Input Validation in publify/publify
    Summary
    Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor | Product | Version
    publify | publify/publify | Affected: unspecified, < 9.2.10 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:10:55.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0049774b-1857-46dc-a834-f1fb15138c53"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/ca46da283572b4f8c0b5aa245008756c8a5fd1b1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0299",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T18:40:39.442525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:40:49.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation in GitHub repository publify/publify prior to 9.2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/0049774b-1857-46dc-a834-f1fb15138c53"
            },
            {
              "url": "https://github.com/publify/publify/commit/ca46da283572b4f8c0b5aa245008756c8a5fd1b1"
            }
          ],
          "source": {
            "advisory": "0049774b-1857-46dc-a834-f1fb15138c53",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0299",
        "datePublished": "2023-01-14T00:00:00.000Z",
        "dateReserved": "2023-01-14T00:00:00.000Z",
        "dateUpdated": "2025-04-07T18:40:49.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2815 (GCVE-0-2022-2815)

    Vulnerability from nvd – Published: 2023-01-14 00:00 – Updated: 2025-04-07 18:30
    VLAI
    Title
    Insecure Storage of Sensitive Information in publify/publify
    Summary
    Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor | Product | Version
    publify | publify/publify | Affected: unspecified, < 9.2.10 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.056Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2815",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T18:30:32.157356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:30:42.045Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 Insecure Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4"
            },
            {
              "url": "https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd"
            }
          ],
          "source": {
            "advisory": "22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4",
            "discovery": "EXTERNAL"
          },
          "title": "Insecure Storage of Sensitive Information in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2815",
        "datePublished": "2023-01-14T00:00:00.000Z",
        "dateReserved": "2022-08-14T00:00:00.000Z",
        "dateUpdated": "2025-04-07T18:30:42.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1812 (GCVE-0-2022-1812)

    Vulnerability from nvd – Published: 2023-01-14 00:00 – Updated: 2025-04-07 18:31
    VLAI
    Title
    Integer Overflow or Wraparound in publify/publify
    Summary
    Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor | Product | Version
    publify | publify/publify | Affected: unspecified, < 9.2.10 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:17:00.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/17d86a50-265c-4ec8-9592-0bd909ddc8f3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/29a5837c29620e33857d7a5afce01384e3f8e41a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1812",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T18:31:02.876917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:31:13.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/17d86a50-265c-4ec8-9592-0bd909ddc8f3"
            },
            {
              "url": "https://github.com/publify/publify/commit/29a5837c29620e33857d7a5afce01384e3f8e41a"
            }
          ],
          "source": {
            "advisory": "17d86a50-265c-4ec8-9592-0bd909ddc8f3",
            "discovery": "EXTERNAL"
          },
          "title": "Integer Overflow or Wraparound in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1812",
        "datePublished": "2023-01-14T00:00:00.000Z",
        "dateReserved": "2022-05-22T00:00:00.000Z",
        "dateUpdated": "2025-04-07T18:31:13.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1811 (GCVE-0-2022-1811)

    Vulnerability from nvd – Published: 2022-05-23 13:30 – Updated: 2024-08-03 00:16
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in publify/publify
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor | Product | Version
    publify | publify/publify | Affected: unspecified, < 9.2.9 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:16:59.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-23T13:30:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927"
            }
          ],
          "source": {
            "advisory": "4d97f665-c9f1-4c38-b774-692255a7c44c",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1811",
              "STATE": "PUBLIC",
              "TITLE": "Unrestricted Upload of File with Dangerous Type in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c"
                },
                {
                  "name": "https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927"
                }
              ]
            },
            "source": {
              "advisory": "4d97f665-c9f1-4c38-b774-692255a7c44c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1811",
        "datePublished": "2022-05-23T13:30:12.000Z",
        "dateReserved": "2022-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:16:59.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1810 (GCVE-0-2022-1810)

    Vulnerability from nvd – Published: 2022-05-23 00:00 – Updated: 2024-08-03 00:16
    VLAI
    Title
    Authorization Bypass Through User-Controlled Key in publify/publify
    Summary
    Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor | Product | Version
    publify | publify/publify | Affected: unspecified, < 9.2.9 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:16:59.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb"
            },
            {
              "url": "https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce"
            }
          ],
          "source": {
            "advisory": "9b2d7579-032e-42da-b736-4b10a868eacb",
            "discovery": "EXTERNAL"
          },
          "title": "Authorization Bypass Through User-Controlled Key in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1810",
        "datePublished": "2022-05-23T00:00:00.000Z",
        "dateReserved": "2022-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:16:59.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1553 (GCVE-0-2022-1553)

    Vulnerability from nvd – Published: 2022-05-16 14:31 – Updated: 2024-08-03 00:10
    VLAI
    Title
    Leaking password protected articles content due to improper access control in publify/publify
    Summary
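    Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. (The record's CVSS 3.0 vector, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, also rates availability impact as HIGH, which this description does not explain; check the referenced fix commit before relying on the 8.8 score for prioritization.)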
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.8 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.456Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b398e4c9-6cdf-4973-ad86-da796cde221f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/1a78f16f460847274265a12a9555b3524892d7db"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T14:31:58.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b398e4c9-6cdf-4973-ad86-da796cde221f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/1a78f16f460847274265a12a9555b3524892d7db"
            }
          ],
          "source": {
            "advisory": "b398e4c9-6cdf-4973-ad86-da796cde221f",
            "discovery": "EXTERNAL"
          },
          "title": "Leaking password protected articles content due to improper access control in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1553",
              "STATE": "PUBLIC",
              "TITLE": "Leaking password protected articles content due to improper access control in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b398e4c9-6cdf-4973-ad86-da796cde221f",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b398e4c9-6cdf-4973-ad86-da796cde221f"
                },
                {
                  "name": "https://github.com/publify/publify/commit/1a78f16f460847274265a12a9555b3524892d7db",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/1a78f16f460847274265a12a9555b3524892d7db"
                }
              ]
            },
            "source": {
              "advisory": "b398e4c9-6cdf-4973-ad86-da796cde221f",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1553",
        "datePublished": "2022-05-16T14:31:58.000Z",
        "dateReserved": "2022-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:10:03.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0578 (GCVE-0-2022-0578)

    Vulnerability from nvd – Published: 2022-05-16 14:31 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Code Injection in publify/publify
    Summary
    Code Injection in GitHub repository publify/publify prior to 9.2.8.
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.8 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.212Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code Injection in GitHub repository publify/publify prior to 9.2.8."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T14:31:45.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7"
            }
          ],
          "source": {
            "advisory": "02c81928-eb47-476f-8000-e93dc796dbcc",
            "discovery": "EXTERNAL"
          },
          "title": "Code Injection in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0578",
              "STATE": "PUBLIC",
              "TITLE": "Code Injection in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Code Injection in GitHub repository publify/publify prior to 9.2.8."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94 Improper Control of Generation of Code"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc"
                },
                {
                  "name": "https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7"
                }
              ]
            },
            "source": {
              "advisory": "02c81928-eb47-476f-8000-e93dc796dbcc",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0578",
        "datePublished": "2022-05-16T14:31:45.000Z",
        "dateReserved": "2022-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0574 (GCVE-0-2022-0574)

    Vulnerability from nvd – Published: 2022-05-16 14:31 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Improper Access Control in publify/publify
    Summary
    Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.8 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository publify/publify prior to 9.2.8."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T14:31:39.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739"
            }
          ],
          "source": {
            "advisory": "6f322c84-9e20-4df6-97e8-92bc271ede3f",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0574",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository publify/publify prior to 9.2.8."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f"
                },
                {
                  "name": "https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739"
                }
              ]
            },
            "source": {
              "advisory": "6f322c84-9e20-4df6-97e8-92bc271ede3f",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0574",
        "datePublished": "2022-05-16T14:31:39.000Z",
        "dateReserved": "2022-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0524 (GCVE-0-2022-0524)

    Vulnerability from nvd – Published: 2022-02-08 22:00 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Business Logic Errors in publify/publify
    Summary
    Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
    CWE
    • CWE-840 - Business Logic Errors
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/bfffae58-b3cd-4e0e-b1f2-3db387a22c3d"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/16fceecadbe80ab0ef846b62a12dc7bfff10b8c5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Business Logic Errors in GitHub repository publify/publify prior to 9.2.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:15:18.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/bfffae58-b3cd-4e0e-b1f2-3db387a22c3d"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/16fceecadbe80ab0ef846b62a12dc7bfff10b8c5"
            }
          ],
          "source": {
            "advisory": "bfffae58-b3cd-4e0e-b1f2-3db387a22c3d",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0524",
              "STATE": "PUBLIC",
              "TITLE": "Business Logic Errors in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Business Logic Errors in GitHub repository publify/publify prior to 9.2.7."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-840 Business Logic Errors"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/bfffae58-b3cd-4e0e-b1f2-3db387a22c3d",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/bfffae58-b3cd-4e0e-b1f2-3db387a22c3d"
                },
                {
                  "name": "https://github.com/publify/publify/commit/16fceecadbe80ab0ef846b62a12dc7bfff10b8c5",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/16fceecadbe80ab0ef846b62a12dc7bfff10b8c5"
                }
              ]
            },
            "source": {
              "advisory": "bfffae58-b3cd-4e0e-b1f2-3db387a22c3d",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0524",
        "datePublished": "2022-02-08T22:00:17.000Z",
        "dateReserved": "2022-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25975 (GCVE-0-2021-25975)

    Vulnerability from nvd – Published: 2021-11-10 11:10 – Updated: 2025-04-30 15:52
    VLAI
    Title
    Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload
    Summary
    In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with the “publisher” role to inject malicious JavaScript via an uploaded HTML file.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify_core publify_core Affected: v8.0 , < unspecified (custom)
    Affected: unspecified , ≤ v9.2.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:19.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/d99c0870d3dbbfde7febdc6cad33199b84770101"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25975",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:49:10.069073Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:52:22.378Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify_core",
              "vendor": "publify_core",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "v8.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "v9.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with \u201cpublisher\u201d role to inject malicious JavaScript via the uploaded html file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-10T11:10:13.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/d99c0870d3dbbfde7febdc6cad33199b84770101"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v9.2.5"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2021-25975",
              "STATE": "PUBLIC",
              "TITLE": "Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify_core",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "v8.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "v9.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify_core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with \u201cpublisher\u201d role to inject malicious JavaScript via the uploaded html file."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
                },
                {
                  "name": "https://github.com/publify/publify/commit/d99c0870d3dbbfde7febdc6cad33199b84770101",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/d99c0870d3dbbfde7febdc6cad33199b84770101"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v9.2.5"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2021-25975",
        "datePublished": "2021-11-10T11:10:13.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:52:22.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25974 (GCVE-0-2021-25974)

    Vulnerability from nvd – Published: 2021-11-10 11:10 – Updated: 2025-04-30 15:52
    VLAI
    Title
    Publify - Stored Cross-Site Scripting (XSS) in Editor
    Summary
    In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify_core publify_core Affected: v8.0 , < unspecified (custom)
    Affected: unspecified , ≤ v9.2.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:19.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/fefd5f76302adcc425b2b6e7e7d23587cfc0083e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25974",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:49:01.432192Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:52:28.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify_core",
              "vendor": "publify_core",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "v8.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "v9.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a \u201cpublisher\u201d role is able to inject and execute arbitrary JavaScript code while creating a page/article."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-10T11:10:11.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/fefd5f76302adcc425b2b6e7e7d23587cfc0083e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v9.2.5"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "Publify - Stored Cross-Site Scripting (XSS) in Editor",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2021-25974",
              "STATE": "PUBLIC",
              "TITLE": "Publify - Stored Cross-Site Scripting (XSS) in Editor"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify_core",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "v8.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "v9.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify_core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a \u201cpublisher\u201d role is able to inject and execute arbitrary JavaScript code while creating a page/article."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/publify/publify/commit/fefd5f76302adcc425b2b6e7e7d23587cfc0083e",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/fefd5f76302adcc425b2b6e7e7d23587cfc0083e"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v9.2.5"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2021-25974",
        "datePublished": "2021-11-10T11:10:12.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:52:28.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25973 (GCVE-0-2021-25973)

    Vulnerability from nvd – Published: 2021-11-02 06:55 – Updated: 2025-04-30 15:52
    VLAI
    Title
    Publify - Improper Authorization Leads to Guest Signup Restriction Bypass
    Summary
    In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow it. This happens because the restriction is enforced only in the front end.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify_core publify_core Affected: 9.0.0.pre1 , < unspecified (custom)
    Affected: unspecified , ≤ 9.2.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:19.019Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25973",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:49:22.002710Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:52:50.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify_core",
              "vendor": "publify_core",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "9.0.0.pre1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. \u201cguest\u201d role users can self-register even when the admin does not allow. This happens due to front-end restriction only."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-02T06:55:09.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 9.2.5"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "Publify - Improper Authorization Leads to Guest Signup Restriction Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2021-25973",
              "STATE": "PUBLIC",
              "TITLE": "Publify - Improper Authorization Leads to Guest Signup Restriction Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify_core",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "9.0.0.pre1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify_core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. \u201cguest\u201d role users can self-register even when the admin does not allow. This happens due to front-end restriction only."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 9.2.5"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2021-25973",
        "datePublished": "2021-11-02T06:55:09.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:52:50.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3211 (GCVE-0-2014-3211)

    Vulnerability from nvd – Published: 2020-01-09 13:13 – Updated: 2024-08-06 10:35
    VLAI
    Summary
    Publify before 8.0.1 is vulnerable to a Denial of Service attack
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:35:57.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Publify before 8.0.1 is vulnerable to a Denial of Service attack"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T13:13:05.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-3211",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Publify before 8.0.1 is vulnerable to a Denial of Service attack"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211",
                  "refsource": "MISC",
                  "url": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-3211",
        "datePublished": "2020-01-09T13:13:05.000Z",
        "dateReserved": "2014-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:35:57.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0569 (GCVE-0-2023-0569)

    Vulnerability from cvelistv5 – Published: 2023-01-29 00:00 – Updated: 2025-03-28 15:43
    VLAI
    Title
    Weak Password Requirements in publify/publify
    Summary
    Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.10 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:50.080Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/81b1e1da-10dd-435e-94ae-4bdd41df6df9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/8905e4e639cf03b758da558568a86c9816253b2d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0569",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-28T15:43:29.019008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T15:43:33.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://huntr.com/bounties/81b1e1da-10dd-435e-94ae-4bdd41df6df9"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/81b1e1da-10dd-435e-94ae-4bdd41df6df9"
            },
            {
              "url": "https://github.com/publify/publify/commit/8905e4e639cf03b758da558568a86c9816253b2d"
            }
          ],
          "source": {
            "advisory": "81b1e1da-10dd-435e-94ae-4bdd41df6df9",
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Requirements in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0569",
        "datePublished": "2023-01-29T00:00:00.000Z",
        "dateReserved": "2023-01-29T00:00:00.000Z",
        "dateUpdated": "2025-03-28T15:43:33.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0299 (GCVE-0-2023-0299)

    Vulnerability from cvelistv5 – Published: 2023-01-14 00:00 – Updated: 2025-04-07 18:40
    VLAI
    Title
    Improper Input Validation in publify/publify
    Summary
    Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.10 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:10:55.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0049774b-1857-46dc-a834-f1fb15138c53"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/ca46da283572b4f8c0b5aa245008756c8a5fd1b1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0299",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T18:40:39.442525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:40:49.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation in GitHub repository publify/publify prior to 9.2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/0049774b-1857-46dc-a834-f1fb15138c53"
            },
            {
              "url": "https://github.com/publify/publify/commit/ca46da283572b4f8c0b5aa245008756c8a5fd1b1"
            }
          ],
          "source": {
            "advisory": "0049774b-1857-46dc-a834-f1fb15138c53",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-0299",
        "datePublished": "2023-01-14T00:00:00.000Z",
        "dateReserved": "2023-01-14T00:00:00.000Z",
        "dateUpdated": "2025-04-07T18:40:49.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2815 (GCVE-0-2022-2815)

    Vulnerability from cvelistv5 – Published: 2023-01-14 00:00 – Updated: 2025-04-07 18:30
    VLAI
    Title
    Insecure Storage of Sensitive Information in publify/publify
    Summary
    Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.10 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.056Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2815",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T18:30:32.157356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:30:42.045Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 Insecure Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4"
            },
            {
              "url": "https://github.com/publify/publify/commit/af69097d349f4c00f244c51cd3c3e937fd3387cd"
            }
          ],
          "source": {
            "advisory": "22fdcc39-8c1a-4e4c-8eae-be3fd764f8b4",
            "discovery": "EXTERNAL"
          },
          "title": "Insecure Storage of Sensitive Information in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2815",
        "datePublished": "2023-01-14T00:00:00.000Z",
        "dateReserved": "2022-08-14T00:00:00.000Z",
        "dateUpdated": "2025-04-07T18:30:42.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1812 (GCVE-0-2022-1812)

    Vulnerability from cvelistv5 – Published: 2023-01-14 00:00 – Updated: 2025-04-07 18:31
    VLAI
    Title
    Integer Overflow or Wraparound in publify/publify
    Summary
    Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.10 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:17:00.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/17d86a50-265c-4ec8-9592-0bd909ddc8f3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/29a5837c29620e33857d7a5afce01384e3f8e41a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1812",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T18:31:02.876917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:31:13.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/17d86a50-265c-4ec8-9592-0bd909ddc8f3"
            },
            {
              "url": "https://github.com/publify/publify/commit/29a5837c29620e33857d7a5afce01384e3f8e41a"
            }
          ],
          "source": {
            "advisory": "17d86a50-265c-4ec8-9592-0bd909ddc8f3",
            "discovery": "EXTERNAL"
          },
          "title": "Integer Overflow or Wraparound in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1812",
        "datePublished": "2023-01-14T00:00:00.000Z",
        "dateReserved": "2022-05-22T00:00:00.000Z",
        "dateUpdated": "2025-04-07T18:31:13.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1811 (GCVE-0-2022-1811)

    Vulnerability from cvelistv5 – Published: 2022-05-23 13:30 – Updated: 2024-08-03 00:16
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in publify/publify
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.9 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:16:59.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-23T13:30:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927"
            }
          ],
          "source": {
            "advisory": "4d97f665-c9f1-4c38-b774-692255a7c44c",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1811",
              "STATE": "PUBLIC",
              "TITLE": "Unrestricted Upload of File with Dangerous Type in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c"
                },
                {
                  "name": "https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927"
                }
              ]
            },
            "source": {
              "advisory": "4d97f665-c9f1-4c38-b774-692255a7c44c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1811",
        "datePublished": "2022-05-23T13:30:12.000Z",
        "dateReserved": "2022-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:16:59.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1810 (GCVE-0-2022-1810)

    Vulnerability from cvelistv5 – Published: 2022-05-23 00:00 – Updated: 2024-08-03 00:16
    VLAI
    Title
    Authorization Bypass Through User-Controlled Key in publify/publify
    Summary
    Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.9 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:16:59.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb"
            },
            {
              "url": "https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce"
            }
          ],
          "source": {
            "advisory": "9b2d7579-032e-42da-b736-4b10a868eacb",
            "discovery": "EXTERNAL"
          },
          "title": "Authorization Bypass Through User-Controlled Key in publify/publify"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1810",
        "datePublished": "2022-05-23T00:00:00.000Z",
        "dateReserved": "2022-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:16:59.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1553 (GCVE-0-2022-1553)

    Vulnerability from cvelistv5 – Published: 2022-05-16 14:31 – Updated: 2024-08-03 00:10
    VLAI
    Title
    Leaking password protected articles content due to improper access control in publify/publify
    Summary
    Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.8 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.456Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b398e4c9-6cdf-4973-ad86-da796cde221f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/1a78f16f460847274265a12a9555b3524892d7db"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T14:31:58.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b398e4c9-6cdf-4973-ad86-da796cde221f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/1a78f16f460847274265a12a9555b3524892d7db"
            }
          ],
          "source": {
            "advisory": "b398e4c9-6cdf-4973-ad86-da796cde221f",
            "discovery": "EXTERNAL"
          },
          "title": "Leaking password protected articles content due to improper access control in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1553",
              "STATE": "PUBLIC",
              "TITLE": "Leaking password protected articles content due to improper access control in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b398e4c9-6cdf-4973-ad86-da796cde221f",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b398e4c9-6cdf-4973-ad86-da796cde221f"
                },
                {
                  "name": "https://github.com/publify/publify/commit/1a78f16f460847274265a12a9555b3524892d7db",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/1a78f16f460847274265a12a9555b3524892d7db"
                }
              ]
            },
            "source": {
              "advisory": "b398e4c9-6cdf-4973-ad86-da796cde221f",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1553",
        "datePublished": "2022-05-16T14:31:58.000Z",
        "dateReserved": "2022-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:10:03.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0578 (GCVE-0-2022-0578)

    Vulnerability from cvelistv5 – Published: 2022-05-16 14:31 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Code Injection in publify/publify
    Summary
    Code Injection in GitHub repository publify/publify prior to 9.2.8.
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.8 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.212Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code Injection in GitHub repository publify/publify prior to 9.2.8."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T14:31:45.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7"
            }
          ],
          "source": {
            "advisory": "02c81928-eb47-476f-8000-e93dc796dbcc",
            "discovery": "EXTERNAL"
          },
          "title": "Code Injection in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0578",
              "STATE": "PUBLIC",
              "TITLE": "Code Injection in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Code Injection in GitHub repository publify/publify prior to 9.2.8."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94 Improper Control of Generation of Code"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/02c81928-eb47-476f-8000-e93dc796dbcc"
                },
                {
                  "name": "https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7"
                }
              ]
            },
            "source": {
              "advisory": "02c81928-eb47-476f-8000-e93dc796dbcc",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0578",
        "datePublished": "2022-05-16T14:31:45.000Z",
        "dateReserved": "2022-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0574 (GCVE-0-2022-0574)

    Vulnerability from cvelistv5 – Published: 2022-05-16 14:31 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Improper Access Control in publify/publify
    Summary
    Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.8 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository publify/publify prior to 9.2.8."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T14:31:39.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739"
            }
          ],
          "source": {
            "advisory": "6f322c84-9e20-4df6-97e8-92bc271ede3f",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0574",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository publify/publify prior to 9.2.8."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f"
                },
                {
                  "name": "https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739"
                }
              ]
            },
            "source": {
              "advisory": "6f322c84-9e20-4df6-97e8-92bc271ede3f",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0574",
        "datePublished": "2022-05-16T14:31:39.000Z",
        "dateReserved": "2022-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0524 (GCVE-0-2022-0524)

    Vulnerability from cvelistv5 – Published: 2022-02-08 22:00 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Business Logic Errors in publify/publify
    Summary
    Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
    CWE
    • CWE-840 - Business Logic Errors
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify publify/publify Affected: unspecified , < 9.2.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/bfffae58-b3cd-4e0e-b1f2-3db387a22c3d"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/16fceecadbe80ab0ef846b62a12dc7bfff10b8c5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify/publify",
              "vendor": "publify",
              "versions": [
                {
                  "lessThan": "9.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Business Logic Errors in GitHub repository publify/publify prior to 9.2.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:15:18.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/bfffae58-b3cd-4e0e-b1f2-3db387a22c3d"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/16fceecadbe80ab0ef846b62a12dc7bfff10b8c5"
            }
          ],
          "source": {
            "advisory": "bfffae58-b3cd-4e0e-b1f2-3db387a22c3d",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in publify/publify",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0524",
              "STATE": "PUBLIC",
              "TITLE": "Business Logic Errors in publify/publify"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify/publify",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.2.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Business Logic Errors in GitHub repository publify/publify prior to 9.2.7."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-840 Business Logic Errors"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/bfffae58-b3cd-4e0e-b1f2-3db387a22c3d",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/bfffae58-b3cd-4e0e-b1f2-3db387a22c3d"
                },
                {
                  "name": "https://github.com/publify/publify/commit/16fceecadbe80ab0ef846b62a12dc7bfff10b8c5",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/16fceecadbe80ab0ef846b62a12dc7bfff10b8c5"
                }
              ]
            },
            "source": {
              "advisory": "bfffae58-b3cd-4e0e-b1f2-3db387a22c3d",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0524",
        "datePublished": "2022-02-08T22:00:17.000Z",
        "dateReserved": "2022-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25975 (GCVE-0-2021-25975)

    Vulnerability from cvelistv5 – Published: 2021-11-10 11:10 – Updated: 2025-04-30 15:52
    VLAI
    Title
    Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload
    Summary
    In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with the “publisher” role to inject malicious JavaScript via an uploaded HTML file.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify_core publify_core Affected: v8.0 , < unspecified (custom)
    Affected: unspecified , ≤ v9.2.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:19.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/d99c0870d3dbbfde7febdc6cad33199b84770101"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25975",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:49:10.069073Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:52:22.378Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify_core",
              "vendor": "publify_core",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "v8.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "v9.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with \u201cpublisher\u201d role to inject malicious JavaScript via the uploaded html file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-10T11:10:13.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/d99c0870d3dbbfde7febdc6cad33199b84770101"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v9.2.5"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2021-25975",
              "STATE": "PUBLIC",
              "TITLE": "Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify_core",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "v8.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "v9.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify_core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with \u201cpublisher\u201d role to inject malicious JavaScript via the uploaded html file."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
                },
                {
                  "name": "https://github.com/publify/publify/commit/d99c0870d3dbbfde7febdc6cad33199b84770101",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/d99c0870d3dbbfde7febdc6cad33199b84770101"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v9.2.5"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2021-25975",
        "datePublished": "2021-11-10T11:10:13.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:52:22.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25974 (GCVE-0-2021-25974)

    Vulnerability from cvelistv5 – Published: 2021-11-10 11:10 – Updated: 2025-04-30 15:52
    VLAI
    Title
    Publify - Stored Cross-Site Scripting (XSS) in Editor
    Summary
    In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify_core publify_core Affected: v8.0 , < unspecified (custom)
    Affected: unspecified , ≤ v9.2.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:19.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/fefd5f76302adcc425b2b6e7e7d23587cfc0083e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25974",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:49:01.432192Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:52:28.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify_core",
              "vendor": "publify_core",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "v8.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "v9.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a \u201cpublisher\u201d role is able to inject and execute arbitrary JavaScript code while creating a page/article."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-10T11:10:11.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/fefd5f76302adcc425b2b6e7e7d23587cfc0083e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v9.2.5"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "Publify - Stored Cross-Site Scripting (XSS) in Editor",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2021-25974",
              "STATE": "PUBLIC",
              "TITLE": "Publify - Stored Cross-Site Scripting (XSS) in Editor"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify_core",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "v8.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "v9.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify_core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a \u201cpublisher\u201d role is able to inject and execute arbitrary JavaScript code while creating a page/article."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/publify/publify/commit/fefd5f76302adcc425b2b6e7e7d23587cfc0083e",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/fefd5f76302adcc425b2b6e7e7d23587cfc0083e"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25974"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v9.2.5"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2021-25974",
        "datePublished": "2021-11-10T11:10:12.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:52:28.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25973 (GCVE-0-2021-25973)

    Vulnerability from cvelistv5 – Published: 2021-11-02 06:55 – Updated: 2025-04-30 15:52
    VLAI
    Title
    Publify - Improper Authorization Leads to Guest Signup Restriction Bypass
    Summary
    In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow it. This happens because the restriction exists only in the front end.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    publify_core publify_core Affected: 9.0.0.pre1 , < unspecified (custom)
    Affected: unspecified , ≤ 9.2.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:19.019Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25973",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:49:22.002710Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:52:50.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "publify_core",
              "vendor": "publify_core",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "9.0.0.pre1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. \u201cguest\u201d role users can self-register even when the admin does not allow. This happens due to front-end restriction only."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-02T06:55:09.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 9.2.5"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "Publify - Improper Authorization Leads to Guest Signup Restriction Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "ID": "CVE-2021-25973",
              "STATE": "PUBLIC",
              "TITLE": "Publify - Improper Authorization Leads to Guest Signup Restriction Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "publify_core",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "9.0.0.pre1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "publify_core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. \u201cguest\u201d role users can self-register even when the admin does not allow. This happens due to front-end restriction only."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e",
                  "refsource": "MISC",
                  "url": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 9.2.5"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2021-25973",
        "datePublished": "2021-11-02T06:55:09.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:52:50.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3211 (GCVE-0-2014-3211)

    Vulnerability from cvelistv5 – Published: 2020-01-09 13:13 – Updated: 2024-08-06 10:35
    Summary
    Publify before 8.0.1 is vulnerable to a Denial of Service attack
    Severity
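    No CVSS data available. The record's structured vendor, product and version fields are all "n/a", so the affected range (before 8.0.1) is stated only in the summary text.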
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:35:57.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Publify before 8.0.1 is vulnerable to a Denial of Service attack"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T13:13:05.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-3211",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Publify before 8.0.1 is vulnerable to a Denial of Service attack"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211",
                  "refsource": "MISC",
                  "url": "https://hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-3211",
        "datePublished": "2020-01-09T13:13:05.000Z",
        "dateReserved": "2014-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:35:57.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }