ADVISORIES

• CVE-2022-1811 (NVD)
• GHSA-3hwx-c6cp-q972
• Vendor Advisory

GEM

publify_core

SEVERITY

CVSS v3.x: 9.1 (Critical)

PATCHED VERSIONS

• >= 9.2.9

DESCRIPTION

Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file. Stored XSS may be obtained.

RELATED

• https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c