Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
wangl1989
111035.8%CRITICAL

Related CVEs

11
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-26136A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.CRITICAL9.828.5%Mar 4, 2025
CVE-2024-57767MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.HIGH8.633.9%Jan 15, 2025
CVE-2024-57766MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.CRITICAL9.138.7%Jan 15, 2025
CVE-2024-57765MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.HIGH7.534.6%Jan 15, 2025
CVE-2024-57764MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.CRITICAL9.138.7%Jan 15, 2025
CVE-2024-57763MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.CRITICAL9.138.7%Jan 15, 2025
CVE-2024-57762MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.HIGH7.538.7%Jan 15, 2025
CVE-2024-13139A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.MEDIUM5.341.1%Jan 5, 2025
CVE-2024-13138A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.MEDIUM5.133.8%Jan 5, 2025
CVE-2024-13137A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.MEDIUM5.124.2%Jan 5, 2025
CVE-2024-13136A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.MEDIUM5.343.3%Jan 5, 2025