This page aggregates publicly disclosed CVE and security risk information related to publify, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-39311 | Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. An attack could attempt to hide their payload by using HTML, or other encodings, as to no | [email protected] | 1.8 | 0.18% | 2025-03-28 | 2025-04-14 |
| CVE-2014-3211 | Publify before 8.0.1 is vulnerable to a Denial of Service attack | [email protected] | 7.5 | 0.33% | 2020-01-09 | 2025-04-11 |