Mysiteforme
by Wangl1989
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-26136 | Cri | 0.64 | 9.8 | 0.00 | Mar 4, 2025 | A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. | ||
| CVE-2022-29309 | Hig | 0.49 | 7.5 | 0.01 | May 24, 2022 | mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | ||
| CVE-2021-46027 | Med | 0.42 | 6.5 | 0.00 | Jan 19, 2022 | mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added | ||
| CVE-2024-13139 | Med | 0.41 | 6.3 | 0.01 | Jan 5, 2025 | A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request… | ||
| CVE-2024-13136 | Med | 0.41 | 6.3 | 0.01 | Jan 5, 2025 | A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be… | ||
| CVE-2021-46026 | Med | 0.35 | 5.4 | 0.00 | Jan 20, 2022 | mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management. | ||
| CVE-2024-13138 | Med | 0.31 | 4.7 | 0.00 | Jan 5, 2025 | A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted… | ||
| CVE-2024-13137 | Low | 0.16 | 2.4 | 0.00 | Jan 5, 2025 | A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible… |
- risk 0.64cvss 9.8epss 0.00
A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
- risk 0.49cvss 7.5epss 0.01
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
- risk 0.42cvss 6.5epss 0.00
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request…
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be…
- risk 0.35cvss 5.4epss 0.00
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.
- risk 0.31cvss 4.7epss 0.00
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted…
- risk 0.16cvss 2.4epss 0.00
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible…