VYPR

My Site

by Winterchens

Source repositories

CVEs (5)

  • CVE-2025-50904CriAug 20, 2025
    risk 0.64cvss 9.8epss 0.00

    There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token.

  • CVE-2024-57152HigAug 20, 2025
    risk 0.49cvss 7.5epss 0.00

    Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class

  • CVE-2024-53495HigAug 20, 2025
    risk 0.49cvss 7.5epss 0.00

    Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.

  • CVE-2025-8838HigAug 11, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication.…

  • CVE-2023-29638MedMay 1, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles.