Mysiteforme Security Vulnerabilities and Issues — Mysiteforme CVE List

Lucene search

Wangl1989Mysiteforme

14 matches found

CVE•added 2022/05/24 3:15 a.m.•53 views

CVE-2022-29309

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.

7.5CVSS7.5AI score0.00231EPSS

CVE•added 2022/01/20 12:15 a.m.•45 views

CVE-2021-46026

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.

5.4CVSS5.2AI score0.00191EPSS

CVE•added 2025/01/05 11:15 a.m.•44 views

CVE-2024-13138

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack ...

8.8CVSS7.2AI score0.00062EPSS

CVE•added 2025/01/15 12:15 a.m.•43 views

CVE-2024-57764

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.

9.1CVSS7.5AI score0.0009EPSS

CVE•added 2025/01/15 12:15 a.m.•41 views

CVE-2024-57765

MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.

7.5CVSS8.3AI score0.00064EPSS

CVE•added 2025/01/15 12:15 a.m.•41 views

CVE-2024-57766

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.

9.1CVSS7.5AI score0.0009EPSS

CVE•added 2022/01/19 11:15 p.m.•39 views

CVE-2021-46027

mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added

6.5CVSS6.4AI score0.00098EPSS

CVE•added 2025/01/15 12:15 a.m.•38 views

CVE-2024-57763

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.

9.1CVSS7.5AI score0.0009EPSS

CVE•added 2025/01/15 12:15 a.m.•38 views

CVE-2024-57767

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.

8.6CVSS7.5AI score0.00076EPSS

CVE•added 2025/01/05 9:15 a.m.•37 views

CVE-2024-13136

A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The ex...

9.8CVSS6.4AI score0.00078EPSS

CVE•added 2025/01/05 10:15 a.m.•37 views

CVE-2024-13137

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the atta...

5.4CVSS3.5AI score0.00051EPSS

CVE•added 2025/01/15 12:15 a.m.•37 views

CVE-2024-57762

MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.

7.5CVSS7.4AI score0.0009EPSS

CVE•added 2025/01/05 11:15 a.m.•36 views

CVE-2024-13139

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack...

8.8CVSS7AI score0.00066EPSS

CVE•added 2025/03/04 9:15 p.m.•36 views

CVE-2025-26136

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.

9.8CVSS8.1AI score0.00063EPSS