Lucene search

GitHub Advisory DatabaseGHSA-5MQQ-7G25-R4WX

HistorySep 30, 2022 - 12:00 a.m.

FeehiCMS vulnerable to Cross-Site scripting via crafted payload

2022-09-3000:00:43

CWE-79

GitHub Advisory Database

github.com

feehicms

cross-site scripting

single page

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.0%

JSON

FeehiCMS versions 2.0.1.1 and prior contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. There are no patches and no known workarounds for this issue.

Affected configurations

Vulners

Node

feehifeehicmsRange≤2.0.1.1

CPENameOperatorVersion
feehi/feehicmsle2.0.1.1

CPE	Name	Operator	Version
	feehi/feehicms	le	2.0.1.1

References

github.com/advisories/GHSA-5mqq-7g25-r4wx

github.com/liufee/feehicms/issues/3

nvd.nist.gov/vuln/detail/CVE-2022-40408