cvebase

Mossle Lemon vulnerabilities

4 known vulnerabilities affecting mossle/lemon.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2025-9406 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.13.0 | 2025-08-25
CWE-284: A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be initiated remotely. The exploit has been made availab
nvd
CVE-2018-18315 | P3 | HIGH | CVSS 7.5 | v1.9.0 | 2018-10-15
CWE-434: com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
nvd
CVE-2020-20598 | P4 | MEDIUM | CVSS 6.1 | v1.10.0 | 2021-12-22
CWE-79: A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.
nvd
CVE-2020-20597 | P4 | MEDIUM | CVSS 6.1 | v1.10.0 | 2021-12-22
CWE-79: A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.
nvd