VYPR
Moderate severityNVD Advisory· Published Nov 10, 2021· Updated Apr 30, 2025

Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload

CVE-2021-25975

Description

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
publify_coreRubyGems
>= 8.0, < 9.2.59.2.5

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.