Mysiteforme

mysiteforme

Vendor: Wangl1989 • 14 CVEs

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-26136 1Wangl1989 1Mysiteforme Jun 24, 2025 Mar 4, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
CVE-2024-57767 1Wangl1989 1Mysiteforme Apr 10, 2025 Jan 15, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
CVE-2024-57766 1Wangl1989 1Mysiteforme Apr 10, 2025 Jan 15, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
CVE-2024-57765 1Wangl1989 1Mysiteforme Apr 10, 2025 Jan 15, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.
CVE-2024-57764 1Wangl1989 1Mysiteforme Apr 10, 2025 Jan 15, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
CVE-2024-57763 1Wangl1989 1Mysiteforme Apr 10, 2025 Jan 15, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
CVE-2024-57762 1Wangl1989 1Mysiteforme Apr 10, 2025 Jan 15, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.
CVE-2024-13139 1Wangl1989 1Mysiteforme Jan 10, 2025 Jan 5, 2025 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipu...Show more A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13138 1Wangl1989 1Mysiteforme Jan 10, 2025 Jan 5, 2025 5.1 MEDIUM· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl....Show more A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13137 1Wangl1989 1Mysiteforme Jan 10, 2025 Jan 5, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The...Show more A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13136 1Wangl1989 1Mysiteforme Jan 10, 2025 Jan 5, 2025 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The man...Show more A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2022-29309 1Wangl1989 1Mysiteforme Apr 22, 2025 May 24, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
CVE-2021-46026 1Wangl1989 1Mysiteforme Apr 10, 2025 Jan 20, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.
CVE-2021-46027 1Wangl1989 1Mysiteforme Apr 22, 2025 Jan 19, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added