Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Vulnerability Description
Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. An attack could attempt to hide their payload by using HTML, or other encodings, as to not make it obvious to an administrator that this is a malicious link. A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator. Version 10.0.1 of Publify and version 10.0.2 of the `publify_core` rubygem fix the issue.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Publify 安全漏洞
Vulnerability Description
Publify是Publify开源的一个简单但功能齐全的网络发布软件。 Publify 10.0.1之前版本存在安全漏洞,该漏洞源于可能通过重定向功能对管理员进行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A