Total vulnerabilities in the database
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file.
Software | From | Fixed in |
---|---|---|
publify_project / publify | 8.0 | 9.2.4.x |
![]() |
8.0 | 9.2.5 |