CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-39311

Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. An attack could attempt to hide their payload by using HTML, or other encodings, as to not make it obvious to an administrator that this is a malicious link. A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator. Version 10.0.1 of Publify and version 10.0.2 of the `publify_core` rubygem fix the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.9%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2024-39311

Publify » Publify » Version: 1.6.7

cpe:2.3:a:publify:publify:1.6.7
Publify » Publify » Version: 1.6.8

cpe:2.3:a:publify:publify:1.6.8
Publify » Publify » Version: 10.0.0

cpe:2.3:a:publify:publify:10.0.0
Publify » Publify » Version: 2.0.0

cpe:2.3:a:publify:publify:2.0.0
Publify » Publify » Version: 2.0.1

cpe:2.3:a:publify:publify:2.0.1
Publify » Publify » Version: 2.0.6

cpe:2.3:a:publify:publify:2.0.6
Publify » Publify » Version: 2.5.0

cpe:2.3:a:publify:publify:2.5.0
Publify » Publify » Version: 2.5.1

cpe:2.3:a:publify:publify:2.5.1
Publify » Publify » Version: 2.5.2

cpe:2.3:a:publify:publify:2.5.2
Publify » Publify » Version: 2.5.3

cpe:2.3:a:publify:publify:2.5.3
Publify » Publify » Version: 2.5.4

cpe:2.3:a:publify:publify:2.5.4
Publify » Publify » Version: 2.5.5

cpe:2.3:a:publify:publify:2.5.5
Publify » Publify » Version: 2.5.6

cpe:2.3:a:publify:publify:2.5.6
Publify » Publify » Version: 2.5.7

cpe:2.3:a:publify:publify:2.5.7
Publify » Publify » Version: 2.5.8

cpe:2.3:a:publify:publify:2.5.8
Publify » Publify » Version: 2.6.0

cpe:2.3:a:publify:publify:2.6.0
Publify » Publify » Version: 3.99.1

cpe:2.3:a:publify:publify:3.99.1
Publify » Publify » Version: 3.99.2

cpe:2.3:a:publify:publify:3.99.2
Publify » Publify » Version: 3.99.3

cpe:2.3:a:publify:publify:3.99.3
Publify » Publify » Version: 3.99.4

cpe:2.3:a:publify:publify:3.99.4
Publify » Publify » Version: 4.0.0

cpe:2.3:a:publify:publify:4.0.0
Publify » Publify » Version: 4.0.1

cpe:2.3:a:publify:publify:4.0.1
Publify » Publify » Version: 4.0.2

cpe:2.3:a:publify:publify:4.0.2
Publify » Publify » Version: 4.0.3

cpe:2.3:a:publify:publify:4.0.3
Publify » Publify » Version: 4.1

cpe:2.3:a:publify:publify:4.1
Publify » Publify » Version: 5.0.0

cpe:2.3:a:publify:publify:5.0.0
Publify » Publify » Version: 5.0.2

cpe:2.3:a:publify:publify:5.0.2
Publify » Publify » Version: 5.0.3

cpe:2.3:a:publify:publify:5.0.3
Publify » Publify » Version: 5.0.3.98

cpe:2.3:a:publify:publify:5.0.3.98
Publify » Publify » Version: 5.1

cpe:2.3:a:publify:publify:5.1
Publify » Publify » Version: 5.1.1

cpe:2.3:a:publify:publify:5.1.1
Publify » Publify » Version: 5.1.2

cpe:2.3:a:publify:publify:5.1.2
Publify » Publify » Version: 5.1.3

cpe:2.3:a:publify:publify:5.1.3
Publify » Publify » Version: 5.1.98

cpe:2.3:a:publify:publify:5.1.98
Publify » Publify » Version: 5.2.0

cpe:2.3:a:publify:publify:5.2.0
Publify » Publify » Version: 5.2.98

cpe:2.3:a:publify:publify:5.2.98
Publify » Publify » Version: 5.3.0

cpe:2.3:a:publify:publify:5.3.0
Publify » Publify » Version: 5.4.1

cpe:2.3:a:publify:publify:5.4.1
Publify » Publify » Version: 5.4.2

cpe:2.3:a:publify:publify:5.4.2
Publify » Publify » Version: 5.4.3

cpe:2.3:a:publify:publify:5.4.3
Publify » Publify » Version: 5.4.4

cpe:2.3:a:publify:publify:5.4.4
Publify » Publify » Version: 5.5

cpe:2.3:a:publify:publify:5.5
Publify » Publify » Version: 6.0.0

cpe:2.3:a:publify:publify:6.0.0
Publify » Publify » Version: 6.0.1

cpe:2.3:a:publify:publify:6.0.1
Publify » Publify » Version: 6.0.2

cpe:2.3:a:publify:publify:6.0.2
Publify » Publify » Version: 6.0.3

cpe:2.3:a:publify:publify:6.0.3
Publify » Publify » Version: 6.0.4

cpe:2.3:a:publify:publify:6.0.4
Publify » Publify » Version: 6.0.6

cpe:2.3:a:publify:publify:6.0.6
Publify » Publify » Version: 6.0.7

cpe:2.3:a:publify:publify:6.0.7
Publify » Publify » Version: 6.0.8

cpe:2.3:a:publify:publify:6.0.8
Publify » Publify » Version: 6.0.9

cpe:2.3:a:publify:publify:6.0.9
Publify » Publify » Version: 6.1.0

cpe:2.3:a:publify:publify:6.1.0
Publify » Publify » Version: 6.1.1

cpe:2.3:a:publify:publify:6.1.1
Publify » Publify » Version: 6.1.2

cpe:2.3:a:publify:publify:6.1.2
Publify » Publify » Version: 6.1.3

cpe:2.3:a:publify:publify:6.1.3
Publify » Publify » Version: 6.1.4

cpe:2.3:a:publify:publify:6.1.4
Publify » Publify » Version: 6.9.0

cpe:2.3:a:publify:publify:6.9.0
Publify » Publify » Version: 7.0.0

cpe:2.3:a:publify:publify:7.0.0
Publify » Publify » Version: 7.1.0

cpe:2.3:a:publify:publify:7.1.0
Publify » Publify » Version: 8.0

cpe:2.3:a:publify:publify:8.0
Publify » Publify » Version: 8.0.1

cpe:2.3:a:publify:publify:8.0.1
Publify » Publify » Version: 8.0.2

cpe:2.3:a:publify:publify:8.0.2
Publify » Publify » Version: 8.1.0

cpe:2.3:a:publify:publify:8.1.0
Publify » Publify » Version: 8.1.1

cpe:2.3:a:publify:publify:8.1.1
Publify » Publify » Version: 8.2.0

cpe:2.3:a:publify:publify:8.2.0
Publify » Publify » Version: 8.3.0

cpe:2.3:a:publify:publify:8.3.0
Publify » Publify » Version: 8.3.1

cpe:2.3:a:publify:publify:8.3.1
Publify » Publify » Version: 8.3.2

cpe:2.3:a:publify:publify:8.3.2
Publify » Publify » Version: 8.3.3

cpe:2.3:a:publify:publify:8.3.3
Publify » Publify » Version: 9.0.0

cpe:2.3:a:publify:publify:9.0.0
Publify » Publify » Version: 9.0.1

cpe:2.3:a:publify:publify:9.0.1
Publify » Publify » Version: 9.1.0

cpe:2.3:a:publify:publify:9.1.0
Publify » Publify » Version: 9.2.0

cpe:2.3:a:publify:publify:9.2.0
Publify » Publify » Version: 9.2.1

cpe:2.3:a:publify:publify:9.2.1
Publify » Publify » Version: 9.2.10

cpe:2.3:a:publify:publify:9.2.10
Publify » Publify » Version: 9.2.2

cpe:2.3:a:publify:publify:9.2.2
Publify » Publify » Version: 9.2.3

cpe:2.3:a:publify:publify:9.2.3
Publify » Publify » Version: 9.2.4

cpe:2.3:a:publify:publify:9.2.4
Publify » Publify » Version: 9.2.5

cpe:2.3:a:publify:publify:9.2.5
Publify » Publify » Version: 9.2.6

cpe:2.3:a:publify:publify:9.2.6
Publify » Publify » Version: 9.2.7

cpe:2.3:a:publify:publify:9.2.7
Publify » Publify » Version: 9.2.8

cpe:2.3:a:publify:publify:9.2.8
Publify » Publify » Version: 9.2.9

cpe:2.3:a:publify:publify:9.2.9
Publify » Publify Core » Version: 10.0.0

cpe:2.3:a:publify:publify_core:10.0.0
Publify » Publify Core » Version: 10.0.1

cpe:2.3:a:publify:publify_core:10.0.1
Publify » Publify Core » Version: 9.0.0

cpe:2.3:a:publify:publify_core:9.0.0
Publify » Publify Core » Version: 9.0.1

cpe:2.3:a:publify:publify_core:9.0.1
Publify » Publify Core » Version: 9.1.0

cpe:2.3:a:publify:publify_core:9.1.0
Publify » Publify Core » Version: 9.2.0

cpe:2.3:a:publify:publify_core:9.2.0
Publify » Publify Core » Version: 9.2.1

cpe:2.3:a:publify:publify_core:9.2.1
Publify » Publify Core » Version: 9.2.10

cpe:2.3:a:publify:publify_core:9.2.10
Publify » Publify Core » Version: 9.2.2

cpe:2.3:a:publify:publify_core:9.2.2
Publify » Publify Core » Version: 9.2.3

cpe:2.3:a:publify:publify_core:9.2.3
Publify » Publify Core » Version: 9.2.4

cpe:2.3:a:publify:publify_core:9.2.4
Publify » Publify Core » Version: 9.2.5

cpe:2.3:a:publify:publify_core:9.2.5
Publify » Publify Core » Version: 9.2.6

cpe:2.3:a:publify:publify_core:9.2.6
Publify » Publify Core » Version: 9.2.7

cpe:2.3:a:publify:publify_core:9.2.7
Publify » Publify Core » Version: 9.2.8

cpe:2.3:a:publify:publify_core:9.2.8
Publify » Publify Core » Version: 9.2.9

cpe:2.3:a:publify:publify_core:9.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-39311

Products

Pricing

Contact Us