Mysiteforme@* Security Vulnerabilities and Issues — Mysiteforme@* CVE List

Lucene search

Wangl1989Mysiteforme*

8 matches found

CVE•added 2022/01/20 12:15 a.m.•45 views

CVE-2021-46026

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.

5.4CVSS5.2AI score0.00191EPSS

CVE•added 2025/01/15 12:15 a.m.•43 views

CVE-2024-57764

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.

9.1CVSS7.5AI score0.0009EPSS

CVE•added 2025/01/15 12:15 a.m.•41 views

CVE-2024-57765

MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.

7.5CVSS8.3AI score0.00064EPSS

CVE•added 2025/01/15 12:15 a.m.•41 views

CVE-2024-57766

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.

9.1CVSS7.5AI score0.0009EPSS

CVE•added 2025/01/15 12:15 a.m.•38 views

CVE-2024-57763

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.

9.1CVSS7.5AI score0.0009EPSS

CVE•added 2025/01/15 12:15 a.m.•38 views

CVE-2024-57767

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.

8.6CVSS7.5AI score0.00076EPSS

CVE•added 2025/01/15 12:15 a.m.•37 views

CVE-2024-57762

MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.

7.5CVSS7.4AI score0.0009EPSS

CVE•added 2025/03/04 9:15 p.m.•36 views

CVE-2025-26136

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.

9.8CVSS8.1AI score0.00063EPSS