Wangl1989 Mysiteforme
By the Year
In 2026 there have been 0 vulnerabilities in Wangl1989 Mysiteforme. Last year, in 2025, Mysiteforme had 11 security vulnerabilities published. Right now, Mysiteforme is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 11 | 8.20 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 3 | 6.47 |
It may take a day or so for new Mysiteforme vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Wangl1989 Mysiteforme Security Vulnerabilities
SQLi in MySiteForMe < 2025.01.1
CVE-2025-26136
- March 04, 2025
A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
MSFM SSRF via /file/download before v2025.01.01
CVE-2024-57767
- January 15, 2025
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
MSFM < 2025.01.01: fastjson deserialization via system/table/editField
CVE-2024-57766
- January 15, 2025
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
MSFM SQLi via s_name (table/list) pre2025.01.01
CVE-2024-57765
- January 15, 2025
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.
MSFM <1.0 - fastjson Deserialization via system/table/add
CVE-2024-57764
- January 15, 2025
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
MSFM before 2025.01.01: FastJSON Deserialization via system/table/addField
CVE-2024-57763
- January 15, 2025
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
MSFM deserialization flaw via pom.xml before v2025.01.01
CVE-2024-57762
- January 15, 2025
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.
SSRF in wangl1989's mysiteforme 1.0 FileController (critical)
CVE-2024-13139
8.8 - High
- January 05, 2025
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SSRF
Unrestricted File Upload in MySiteForMe 1.0 via LocalUploadServiceImpl
CVE-2024-13138
8.8 - High
- January 05, 2025
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Unrestricted File Upload
XSS via RestResponse in mysiteforme 1.0 (wangl1989)
CVE-2024-13137
5.4 - Medium
- January 05, 2025
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
XSS
Critical Deserialization in MySiteForMe 1.0 rememberMeManager (Shiro)
CVE-2024-13136
9.8 - Critical
- January 05, 2025
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Marshaling, Unmarshaling
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
CVE-2022-29309
7.5 - High
- May 24, 2022
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
SSRF
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS)
CVE-2021-46026
5.4 - Medium
- January 20, 2022
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.
XSS
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management
CVE-2021-46027
6.5 - Medium
- January 19, 2022
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added.
Session Riding