GHSA-8FM5-GG2F-F66Q

Vulnerability from github – Published: 2025-03-28 16:34 – Updated: 2025-03-28 16:34
VLAI?
Summary
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Details

Summary

A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality.

Details

A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link.

We can create a redirect to a javascript:alert() URL. Whilst the redirect itself doesn't work, on the administrative panel, an a tag is created with the payload as the URI. Upon clicking this link, the XSS is triggered.

An attack could attempt to hide their payload by using HTML, or other encodings, as to not make it obvious to an administrator that this is a malicious link.

PoC

A publisher can create a new redirect as shown below. The payload used is javascript:alert(). image

An administrator will now see this redirect in their overview of the page. image

If they click the link on the right, it triggers the XSS. image

Impact

A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator.

Severity ?
1.8 (Low)
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "publify_core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-39311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-28T16:34:33Z",
    "nvd_published_at": "2025-03-28T15:15:44Z",
    "severity": "LOW"
  },
  "details": "### Summary\nA publisher on a `publify` application is able to perform a cross-site scripting attack on an administrator using the redirect functionality.\n\n### Details\nA publisher on a `publify` application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link.\n\nWe can create a redirect to a `javascript:alert()` URL. Whilst the redirect itself doesn\u0027t work, on the administrative panel, an a tag is created with the payload as the URI. Upon clicking this link, the XSS is triggered. \n\nAn attack could attempt to hide their payload by using HTML, or other encodings, as to not make it obvious to an administrator that this is a malicious link.\n\n### PoC\nA publisher can create a new redirect as shown below. The payload used is `javascript:alert()`.\n![image](https://user-images.githubusercontent.com/44903767/295206083-3cf432c6-1f58-49a2-b09c-777e9707e0ff.png)\n\nAn administrator will now see this redirect in their overview of the page.\n![image](https://user-images.githubusercontent.com/44903767/295206204-3d4dc59a-8f82-42f3-98b2-a1809790351f.png)\n\nIf they click the link on the right, it triggers the XSS.\n![image](https://user-images.githubusercontent.com/44903767/295206292-3fea85f5-6918-4eff-8206-4a275a6e79e4.png)\n\n### Impact\nA publisher may attempt to use this vulnerability to escalate their privileges and become an administrator.",
  "id": "GHSA-8fm5-gg2f-f66q",
  "modified": "2025-03-28T16:34:33Z",
  "published": "2025-03-28T16:34:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/publify/publify/security/advisories/GHSA-8fm5-gg2f-f66q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39311"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/publify/publify"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.