Mend Vulnerability Database
Date: November 10, 2021
PoC Details
In incognito mode, sign in to the application as Alice, a user with the “publisher” role.
In another window, log in with the admin credentials and paste the short URL. XSS will be triggered.
Affected Environments
Publify versions 8.0 to 9.2.4
Prevention
Update to Publify version v9.2.5
Good to know:
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|Low|
|User Interaction (UI):|Required|
|Access Vector (AV):|Network|
|Access Complexity (AC):|Medium|