VYPR

Lemon

by xuhuisheng

Source repositories

CVEs (3)

  • CVE-2018-18315HigOct 15, 2018
    risk 0.49cvss 7.5epss 0.01

    com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.

  • CVE-2025-9406MedAug 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload.…

  • CVE-2020-20597MedDec 22, 2021
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.