Cross site scripting in publify
Published: May 24, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2022-1811 (NVD)
- GHSA: GHSA-3hwx-c6cp-q972
- Vendor Advisory: https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927
GEM
SEVERITY
CVSS v3.x: 9.1 (Critical)
PATCHED VERSIONS
>= 9.2.9
DESCRIPTION
An unrestricted file upload flaw allowed an attacker to manipulate the upload request and bypass the protection against HTML files by using a text file. This may result in stored XSS.
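
The kind of check the description refers to, as an added example (not Publify's code and not taken from the fix commit): a filter that trusts the request's declared type and file name, next to one that classifies the uploaded bytes. All names, the allowlist and the sample upload are constructed assumptions.

```ruby
# Added illustration, not Publify code. Names and allowlist are hypothetical.
ALLOWED_TYPES = %w[text/plain image/png image/jpeg].freeze
TAG_LIKE = /<[a-z!\/?]/i # conservative: any tag-like sequence counts as markup

# Weak filter: believes the client-supplied content type and file name.
def weak_allowed?(filename, declared_type, _body)
  ALLOWED_TYPES.include?(declared_type) && !filename.downcase.end_with?(".html", ".htm")
end

# Classify the upload from its first bytes instead of from request metadata.
def sniff_type(body)
  head = body.byteslice(0, 1024).to_s.b
  return "image/png"  if head.start_with?("\x89PNG\r\n\x1a\n".b)
  return "image/jpeg" if head.start_with?("\xFF\xD8\xFF".b)
  return "text/html"  if head.match?(TAG_LIKE)
  return "application/octet-stream" if head.include?("\x00")
  "text/plain"
end

# Strict filter: the sniffed type must be allowlisted and match the declaration.
def strict_allowed?(_filename, declared_type, body)
  actual = sniff_type(body)
  ALLOWED_TYPES.include?(actual) && actual == declared_type
end

# Headers for serving stored uploads so a browser never renders them as a page.
def serving_headers(body)
  { "Content-Type" => sniff_type(body),
    "X-Content-Type-Options" => "nosniff",
    "Content-Disposition" => "attachment" }
end

# Constructed sample: markup sent as a "text file".
SAMPLE_NAME = "notes.txt"
SAMPLE_BODY = "<html><body><script>/* constructed sample */</script></body></html>"

if __FILE__ == $PROGRAM_NAME
  puts "weak:   #{weak_allowed?(SAMPLE_NAME, 'text/plain', SAMPLE_BODY)}"
  puts "strict: #{strict_allowed?(SAMPLE_NAME, 'text/plain', SAMPLE_BODY)}"
end
```

The sniffer only inspects the first 1024 bytes, so the serving headers are the second layer: with `nosniff` and an attachment disposition, a file that slips through as text is still not rendered as a page.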
