Lucene search

GitHub Advisory DatabaseGHSA-8VJP-HFGH-68RJ

HistoryDec 15, 2022 - 9:30 p.m.

FeehiCMS Cross Site Scripting vulnerability

2022-12-1521:30:29

CWE-79

GitHub Advisory Database

github.com

feehicms

cross site scripting

vulnerability

remote attackers

arbitrary code

username field

admin log in page

software

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.4%

JSON

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.

Affected configurations

Vulners

Node

feehifeehicmsRange≤2.1.1

VendorProductVersionCPE
feehifeehicms*cpe:2.3:a:feehi:feehicms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
feehi	feehicms	*	cpe:2.3:a:feehi:feehicms::::::::

References

github.com/advisories/GHSA-8vjp-hfgh-68rj

github.com/liufee/cms/issues/64

nvd.nist.gov/vuln/detail/CVE-2022-40000