Browse all 5 CVE security advisories affecting ifmeorg. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ifmeorg operates as a mental health platform allowing users to share personal experiences anonymously. Historically, the application has been susceptible to multiple vulnerability classes, including cross-site scripting (XSS) and remote code execution (RCE), with five CVEs documented to date. These vulnerabilities often stem from insufficient input validation and improper access controls. While no major public security incidents have been reported, the consistent pattern of vulnerabilities suggests potential risks to user data privacy and platform integrity. The organization's focus on sensitive health information underscores the critical need for robust security measures to protect user confidentiality and prevent potential exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-25992 | ifme - Insufficient Session Expiration — ifmeCWE-613 | 9.8 | Critical | 2022-02-10 |
| CVE-2021-25991 | ifme - Improper Access Control leads to admin deactivation — ifmeCWE-284 | 5.7 | Medium | 2021-12-29 |
| CVE-2021-25990 | ifme - Stored Cross-Site Scripting (XSS) in Contacts section — ifmeCWE-79 | 5.4 | Medium | 2021-12-29 |
| CVE-2021-25989 | ifme - Stored Cross-Site Scripting (XSS) in Groups section — ifmeCWE-79 | 5.4 | Medium | 2021-12-29 |
| CVE-2021-25988 | ifme - Stored Cross-Site Scripting (XSS) in Notifications section — ifmeCWE-79 | 5.4 | Medium | 2021-12-29 |
This page lists every published CVE security advisory associated with ifmeorg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.