Matijs van Zuijlen

9 exploits Active since Nov 2021
CVE-2021-25973 WRITEUP MEDIUM WRITEUP
Publify 9.0.0-9.2.4 - Improper Access Control via Guest Role Self-Registration
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.
CVSS 6.5
CVE-2021-25974 WRITEUP MEDIUM WRITEUP
Publify 8.0-9.2.4 - Stored Cross-Site Scripting via Page/Article Creation
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
CVSS 5.4
CVE-2021-25975 WRITEUP MEDIUM WRITEUP
publify 8.0-9.2.4 - Stored Cross-Site Scripting via HTML File Upload
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file.
CVSS 5.4
CVE-2022-0524 WRITEUP HIGH WRITEUP
publify/publify <9.2.7 - Info Disclosure
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
CVSS 7.5
CVE-2022-0574 WRITEUP MEDIUM WRITEUP
GitHub publify/publify <9.2.8 - Info Disclosure
Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
CVSS 6.5
CVE-2022-0578 WRITEUP MEDIUM WRITEUP
publify/publify <9.2.8 - Code Injection
Code Injection in GitHub repository publify/publify prior to 9.2.8.
CVSS 6.5
CVE-2022-2815 WRITEUP MEDIUM WRITEUP
GitHub publify/publify <9.2.10 - Info Disclosure
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
CVSS 6.5
CVE-2023-0299 WRITEUP CRITICAL WRITEUP
publify/publify <9.2.10 - Info Disclosure
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
CVSS 9.8
CVE-2023-0569 WRITEUP MEDIUM WRITEUP
GitHub publify/publify <9.2.10 - Info Disclosure
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
CVSS 6.5