This page aggregates publicly disclosed CVE and security risk information related to publify, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-39311 | Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. An attack could attempt to hide their payload by using HTML, or other encodings, as to no | [email protected] | 1.8 | 0.18% | 2025-03-28 | 2025-04-14 |
| CVE-2014-3211 | Publify before 8.0.1 is vulnerable to a Denial of Service attack | [email protected] | 7.5 | 1.08% | 2020-01-09 | 2025-04-11 |