Wangl1989: >> Mysiteforme >> 2.2.1 Security Vulnerabilities
A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-04
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-01-15
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-01-15
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-15
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-01-15
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-01-15
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-15
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-05-24
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-01-20