Browse all 3 CVE security advisories affecting publify_core. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Publify_core is a Ruby-based publishing platform for creating and managing blogs and websites. Historically, it has been susceptible to remote code execution, cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. The platform's CVE record includes three documented security issues, with RCE being particularly concerning due to potential complete system compromise. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities in web publishing components suggests a need for rigorous security hardening and prompt patch management for deployments handling sensitive content.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-25975 | Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload — publify_coreCWE-79 | 5.4 | Medium | 2021-11-10 |
| CVE-2021-25974 | Publify - Stored Cross-Site Scripting (XSS) in Editor — publify_coreCWE-79 | 5.4 | Medium | 2021-11-10 |
| CVE-2021-25973 | Publify - Improper Authorization Leads to Guest Signup Restriction Bypass — publify_coreCWE-285 | 6.5 | Medium | 2021-11-02 |
This page lists every published CVE security advisory associated with publify_core. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.