Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29309 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | |||||
| CVE-2021-46027 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added | |||||
| CVE-2021-46026 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | 3.5 LOW | 5.4 MEDIUM |
| mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management. | |||||
| CVE-2024-57762 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | N/A | 7.5 HIGH |
| MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. | |||||
| CVE-2024-57763 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | N/A | 9.1 CRITICAL |
| MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. | |||||
| CVE-2024-57764 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | N/A | 9.1 CRITICAL |
| MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. | |||||
| CVE-2024-57765 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | N/A | 7.5 HIGH |
| MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. | |||||
| CVE-2024-57766 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | N/A | 9.1 CRITICAL |
| MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. | |||||
| CVE-2024-57767 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | N/A | 8.6 HIGH |
| MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. | |||||
| CVE-2024-13139 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13138 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13137 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13136 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||