CVE-2021-25974
- Source
- https://cve.org/CVERecord?id=CVE-2021-25974
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25974.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-25974
- Aliases
- Published
- 2021-11-10T11:15:07.573Z
- Modified
- 2026-02-22T01:28:51.048462Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
- References
Affected packages
Git / github.com/publify/publify
Affected ranges
- Type
- GIT
- Repo
- https://github.com/publify/publify
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
5_3_0
release_5_1_98
release_5_2_0
release_5_2_98
release_5_4_0
release_5_4_1
release_5_4_2
release_5_4_3
release_5_4_4
release_5_5
release_6_0_0
release_6_0_1
release_6_0_2
release_6_0_3
release_6_0_4
release_6_0_6
release_6_0_7
release_6_0_8
release_6_0_9
release_6_1_0
release_6_1_1
release_6_1_2
release_6_1_3
release_6_1_4
release_7_0_0-beta1
6.*
6.9.0
7.*
7.0.0
7.1.0
release-1.*
release-1.6.7
release-5.*
release-5.0.3
release-5.0.3-no-rly
release-5.0.3.98
release-5.1
release-5.1.1
release-5.1.2
release-5.1.3
v8.*
v8.0
v8.0.1
v8.0.2
v8.1.0
v8.1.1
v8.2.0
v8.3.0
v8.3.1
v8.3.2
v8.3.3
v9.*
v9.0.0
v9.0.1
v9.1.0
v9.2.0
v9.2.1
v9.2.2
v9.2.3
v9.2.4