← Back

Winterchens

winterchens

5 CVEs • 1 product

Products (1)

Click to collapse
Toggle
My Site
my-site
5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-53496
1Winterchens
1My Site
Sep 12, 2025
Aug 22, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
CVE-2024-57152
1Winterchens
1My Site
Sep 11, 2025
Aug 20, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class
CVE-2024-53495
1Winterchens
1My Site
Sep 11, 2025
Aug 20, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
CVE-2025-50904
1Winterchens
1My Site
Sep 11, 2025
Aug 20, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token.
CVE-2025-8838
1Winterchens
1My Site
Apr 29, 2026
Aug 11, 2025
5.5 MEDIUM· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipula...Show more
A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The code maintainer responded to the issue that "[he] tried it, and using this link automatically redirects to the login page."Show less