Aggregates CVE and security vulnerability intelligence across all wangl1989-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Historical issues mainly involve SQL injection, cross-site scripting, CSRF, and related problems; some flaws may lead to data exposure and unexpected behavior.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-26136 | A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. | [email protected] | 9.8 | 0.15% | 2025-03-04 | 2025-06-24 |
| CVE-2024-57767 | MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. | [email protected] | 8.6 | 0.25% | 2025-01-15 | 2025-04-10 |
| CVE-2024-57766 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. | [email protected] | 9.1 | 0.30% | 2025-01-15 | 2025-04-10 |
| CVE-2024-57765 | MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. | [email protected] | 7.5 | 0.16% | 2025-01-15 | 2025-04-10 |
| CVE-2024-57764 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. | [email protected] | 9.1 | 0.30% | 2025-01-15 | 2025-04-10 |
| CVE-2024-57763 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. | [email protected] | 9.1 | 0.26% | 2025-01-15 | 2025-04-10 |
| CVE-2024-57762 | MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. | [email protected] | 7.5 | 0.30% | 2025-01-15 | 2025-04-10 |
| CVE-2024-13139 | A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.3 | 0.07% | 2025-01-05 | 2025-01-10 |
| CVE-2024-13138 | A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.1 | 0.05% | 2025-01-05 | 2025-01-10 |
| CVE-2024-13137 | A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.1 | 0.07% | 2025-01-05 | 2025-01-10 |
| CVE-2024-13136 | A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.3 | 0.10% | 2025-01-05 | 2025-01-10 |
| CVE-2022-29309 | mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | [email protected] | 7.5 | 0.23% | 2022-05-24 | 2025-04-22 |
| CVE-2021-46026 | mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management. | [email protected] | 5.4 | 0.18% | 2022-01-20 | 2025-04-10 |
| CVE-2021-46027 | mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added. | [email protected] | 6.5 | 0.05% | 2022-01-19 | 2025-04-22 |