Wangl1989 Mysiteforme
14 CVEs affecting Wangl1989 Mysiteforme. Latest disclosed: 2025-03-04. Critical: 4, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-26136 | Critical | 9.8 | 2025-03-04 | A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. |
CVE-2024-57766 | Critical | 9.1 | 2025-01-15 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. |
CVE-2024-57764 | Critical | 9.1 | 2025-01-15 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. |
CVE-2024-57763 | Critical | 9.1 | 2025-01-15 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. |
CVE-2024-57767 | High | 8.6 | 2025-01-15 | MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. |
CVE-2024-57765 | High | 7.5 | 2025-01-15 | MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. |
CVE-2024-57762 | High | 7.5 | 2025-01-15 | MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. |
CVE-2022-29309 | High | 7.5 | 2022-05-24 | mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. |
CVE-2021-46027 | Medium | 6.5 | 2022-01-19 | mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a… |
CVE-2024-13139 | Medium | 6.3 | 2025-01-05 | A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/… |
CVE-2024-13136 | Medium | 6.3 | 2025-01-05 | A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/mai… |
CVE-2021-46026 | Medium | 5.4 | 2022-01-20 | mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management. |
CVE-2024-13138 | Medium | 4.7 | 2025-01-05 | A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/j… |
CVE-2024-13137 | Low | 2.4 | 2025-01-05 | A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java… |