Publify Cross-Site Scripting Vulnerability via Redirects

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Publify, a self-hosted web publishing platform built on Rails. This issue affects versions of Publify prior to 10.0.1 and versions of the publify_core rubygem prior to 10.0.2. The vulnerability allows a publisher to inject a malicious script that is executed when an administrator clicks a manipulated link. The attack leverages the redirect feature: the publisher creates a redirect whose link appears harmless in the administration interface but whose target carries a hidden payload, such as JavaScript code. When the administrator clicks the link, the XSS is triggered. A publisher could exploit this to escalate privileges and gain administrative rights.

Impact

Exploitation of this vulnerability leads to cross-site scripting: an injected script runs in the browser of the administrator who clicks the link, that is, with the administrator's session and privileges.

Reproduction

To reproduce this vulnerability, a publisher must create a new redirect that includes a JavaScript payload, such as 'javascript:alert()'. Once the redirect is saved, it will appear in the administrator's overview. When the administrator clicks the link, the XSS payload is executed.

Remediation

Users can upgrade to Publify version 10.0.1 or the publify_core rubygem version 10.0.2 to address this vulnerability.
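The reproduction steps above boil down to a redirect target being stored and later rendered as a clickable link without its scheme being checked. As an added illustration, not Publify's own code or its actual patch, the Ruby module below shows the kind of validation a Rails application can apply before storing a redirect target: only relative paths and http(s) URLs pass, and the javascript: payload from the advisory is rejected, including variants that lean on case or embedded control characters. The module name and method are assumptions for this example.

```ruby
require "uri"

# Added example (not from Publify): validate a redirect target before it is
# stored, so that a "javascript:" (or data:, vbscript:, ...) scheme never
# reaches a link rendered in an administrator's overview.
module RedirectTargetCheck
  ALLOWED_SCHEMES = %w[http https].freeze

  # Returns true when +target+ is acceptable as a redirect destination.
  def self.safe?(target)
    return false if target.nil?

    # Browsers tolerate leading whitespace and embedded control characters
    # (tabs, newlines) while parsing a URL scheme, so remove them before
    # deciding what the scheme actually is.
    cleaned = target.gsub(/[\u0000-\u001F\u007F]/, "").strip
    return false if cleaned.empty?

    uri = URI.parse(cleaned)

    if uri.scheme.nil?
      # Relative target: require a leading "/" so it stays on this site, and
      # reject protocol-relative "//host/..." which would leave it.
      return cleaned.start_with?("/") && !cleaned.start_with?("//")
    end

    # Absolute target: allow-list the scheme (compared case-insensitively)
    # and insist on a host so that "http:" alone does not slip through.
    ALLOWED_SCHEMES.include?(uri.scheme.downcase) && !uri.host.to_s.empty?
  rescue URI::InvalidURIError
    # Anything the URI parser cannot make sense of is not a usable target.
    false
  end
end
```

Applying the check at storage time keeps it independent of how the admin view later renders the link.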

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 5.4
exploitability: 6.5
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.