VYPR
Moderate severityNVD Advisory· Published Nov 10, 2021· Updated Apr 30, 2025

Publify - Stored Cross-Site Scripting (XSS) in Editor

CVE-2021-25974

Description

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
publify_coreRubyGems
>= 8.0, < 9.2.59.2.5

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.