CVE-2024-39311

5.4 MEDIUM

📋 TL;DR

This vulnerability allows a publisher user in Publify to perform cross-site scripting (XSS) attacks against administrators through the redirect functionality. Exploitation requires an administrator to click a malicious link, which could lead to privilege escalation. Only Publify instances with publisher users are affected.

💻 Affected Systems

Products:
  • Publify
  • publify_core rubygem
Versions: Publify < 10.0.1, publify_core < 10.0.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires publisher user role and administrator interaction with malicious link.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Publisher gains administrator privileges through XSS-based session hijacking or credential theft, potentially taking full control of the Publify instance.

🟠 Likely Case

Publisher performs limited actions as administrator, such as modifying content, creating new users, or accessing sensitive data.

🟢 If Mitigated

Attack fails due to proper input validation, Content Security Policy, or administrator awareness of suspicious links.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated publisher access and social engineering to trick an administrator into clicking a malicious link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Publify 10.0.1, publify_core 10.0.2

Vendor Advisory: https://github.com/publify/publify/security/advisories/GHSA-8fm5-gg2f-f66q

Restart Required: Yes

Instructions:

1. Update Publify to version 10.0.1 or higher.
2. Update the publify_core gem to version 10.0.2 or higher.
3. Restart the Rails application server.

🔧 Temporary Workarounds

Disable redirect functionality (applies to: all)

Remove or disable the redirect feature that allows publisher users to create redirects.

Modify the Publify configuration to disable redirect creation by publishers.

Implement Content Security Policy (applies to: all)

Add strict CSP headers to prevent XSS payload execution.

Add a Content-Security-Policy header to the web server configuration.

🧯 If You Can't Patch

  • Restrict publisher user permissions to prevent redirect creation
  • Implement web application firewall rules to detect and block XSS payloads in redirect parameters

🔍 How to Verify

Check if Vulnerable:

Check the Publify version in the admin dashboard, or check Gemfile.lock for the publify_core version.

Check Version:

bundle show publify_core

Verify Fix Applied:

Confirm Publify version is 10.0.1+ and publify_core gem is 10.0.2+.
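The version check above can be scripted against Gemfile.lock. The following is an added example, not code from Publify or from the advisory: a standalone Ruby script that extracts the locked publify_core version and compares it with the fixed release (10.0.2) using Gem::Version, so that "10.0.10" is not misordered before "10.0.2" the way a string comparison would. The lockfile fragment embedded in the script is constructed for illustration.

```ruby
# Added example (not part of Publify): report whether a Gemfile.lock still pins
# a publify_core version affected by CVE-2024-39311 (fixed in publify_core 10.0.2).
require "rubygems"

FIXED_PUBLIFY_CORE = Gem::Version.new("10.0.2")

# Gemfile.lock lists resolved gems under GEM/specs as "    name (version)",
# indented by exactly four spaces; dependencies of a gem are indented deeper.
def locked_version(lockfile_text, gem_name)
  match = lockfile_text.match(/^\s{4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)/)
  match && Gem::Version.new(match[1])
end

# true  -> locked version is below the fixed release
# false -> locked version is at or above the fixed release
# nil   -> publify_core is not in this lockfile, so nothing can be concluded
def vulnerable_publify_core?(lockfile_text)
  version = locked_version(lockfile_text, "publify_core")
  return nil if version.nil?
  version < FIXED_PUBLIFY_CORE
end

# Constructed sample lockfile fragment (not taken from a real deployment).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      publify_core (10.0.1)
        rails (~> 7.0)
      rails (7.0.8)
LOCK

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby check_publify_core.rb [path/to/Gemfile.lock]
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  found = locked_version(text, "publify_core")
  case vulnerable_publify_core?(text)
  when nil   then puts "publify_core not found in lockfile"
  when true  then puts "VULNERABLE: publify_core #{found} < #{FIXED_PUBLIFY_CORE}"
  else            puts "OK: publify_core #{found} >= #{FIXED_PUBLIFY_CORE}"
  end
end
```

Run it with the path to the application's Gemfile.lock; with no argument it evaluates the embedded sample, which is deliberately pinned to the last affected release.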

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect creation by publisher users
  • Administrator account activity from unexpected IP addresses

Network Indicators:

  • HTTP requests with suspicious parameters in redirect URLs

SIEM Query:

search 'redirect' AND 'publisher' AND (contains('javascript:') OR contains('data:'))
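The SIEM query above keys on the literal strings javascript: and data:. As an added example, not Publify's own logging or a query from the advisory, the Ruby script below applies the same idea to constructed request-log lines: for every redirect-creation event it extracts the scheme of the target URL and flags anything that is not http or https, which generalizes the two literals to any non-web scheme. The log format (space-separated key=value fields) and the sample lines are assumptions made for the example.

```ruby
# Added example (not part of Publify): flag redirect creations whose target
# URL uses a scheme other than http/https, the pattern behind CVE-2024-39311.
ALLOWED_SCHEMES = %w[http https].freeze

# Constructed log lines in a hypothetical format:
#   <timestamp> user=<login> role=<role> action=<controller#action> to=<target>
SAMPLE_LOG = <<~LOG
  2024-07-01T10:00:01Z user=alice role=publisher action=admin/redirects#create to=https://example.org/new-home
  2024-07-01T10:02:17Z user=bob role=publisher action=admin/redirects#create to=javascript:void(0)
  2024-07-01T10:03:05Z user=carol role=admin action=admin/redirects#create to=data:text/html,placeholder
  2024-07-01T10:04:44Z user=alice role=publisher action=admin/content#update to=javascript:void(0)
  2024-07-01T10:05:10Z user=dave role=publisher action=admin/redirects#create to=/articles/old-slug
LOG

# Split one line into a hash of fields; the leading timestamp becomes "ts".
def parse_line(line)
  ts, *pairs = line.split(" ")
  fields = pairs.to_h { |pair| pair.split("=", 2) }
  fields["ts"] = ts
  fields
end

# Return the URL scheme, or nil for relative targets. Control characters and
# spaces are removed first because browsers ignore them when parsing a scheme.
def url_scheme(target)
  cleaned = target.to_s.gsub(/[\x00-\x20]/, "")
  m = cleaned.match(/\A([a-z][a-z0-9+.-]*):/i)
  m && m[1].downcase
end

# A redirect creation is suspicious when its target has a scheme that is
# neither http nor https. Relative targets (no scheme) are allowed.
def suspicious_redirect?(fields)
  return false unless fields["action"] == "admin/redirects#create"
  scheme = url_scheme(fields["to"])
  !scheme.nil? && !ALLOWED_SCHEMES.include?(scheme)
end

# Scan a log text and return the parsed fields of every suspicious event.
def scan(log_text)
  log_text.each_line
          .map(&:strip)
          .reject(&:empty?)
          .map { |line| parse_line(line) }
          .select { |fields| suspicious_redirect?(fields) }
end

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLE_LOG).each do |hit|
    puts "#{hit['ts']} ALERT user=#{hit['user']} role=#{hit['role']} scheme=#{url_scheme(hit['to'])}"
  end
end
```

Unlike the SIEM query, the scan does not restrict itself to the publisher role: an administrator account creating a javascript: or data: redirect is equally worth a look, since the admin session may already be compromised. The role is kept in the output so the two cases can be triaged differently.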
