Lucene search
GoogleOSV:GHSA-5MQQ-7G25-R4WXHistorySep 30, 2022 - 12:00 a.m.
FeehiCMS vulnerable to Cross-Site scripting via crafted payload
2022-09-3000:00:43
Google
osv.dev
11
feehicms
cross-site scripting
single page
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
25.0%
FeehiCMS versions 2.0.1.1 and prior contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. There are no patches and no known workarounds for this issue.
Related
cve
cve
CVE-2022-40408
2022-09-29 14:15:10
cvelist
cvelist
CVE-2022-40408
2022-09-29 13:33:54
nvd
nvd
CVE-2022-40408
2022-09-29 14:15:10
osv
osv
CVE-2022-40408
2022-09-29 14:15:10
veracode
veracode
Cross-Site Scripting (XSS)
2022-09-30 13:30:44
cnvd
cnvd
FeehiCMS Cross-Site Scripting Vulnerability
2022-09-30 00:00:00
prion
prion
Cross site scripting
2022-09-29 14:15:00
github
github
FeehiCMS vulnerable to Cross-Site scripting via crafted payload
2022-09-30 00:00:43
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
25.0%
Related for OSV:GHSA-5MQQ-7G25-R4WX