GHSA-4R4F-JRVW-H727 Feehi CMS host header injection vulnerability

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails...

CVE-2022-38796

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails...

CVE-2022-38796

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails...

Design/Logic Flaw

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails...

CVE-2022-38796

CVE-2022-38796 affects Feehi CMS 2.1.1 and is a host header injection vulnerability that can be exploited to spoof headers via password reset emails. The connected PT Security entry (PT-2022-24572) confirms the affected version and suggests a workaround: restrict access to password reset function...

CVE-2022-38796

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails...

PT-2022-24572 · Feehicms · Feehicms

Name of the Vulnerable Software and Affected Versions: Feehi CMS version 2.1.1 Description: A Host Header Injection issue may allow an attacker to spoof a particular header, potentially exploiting this by abusing password reset emails. Recommendations: For Feehi CMS version 2.1.1, consider...

Arbitrary File Upload

feehi/cms is vulnerable to arbitrary file upload. The library only verifies the suffix of a file in the frontend, which allows an attacker to upload malicious files via the background avatar upload and remotely execute arbitrary code on the system...

Feehi CMS 2.1.1 Cross Site Scripting

Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting XSS Date: 02-08-2022 Exploit Author: Shivam Singh Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/ Version: 2.1.1 REQUIRED Tested on: Linu...

Feehi CMS 2.1.1 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting XSS Exploit Author: Shivam Singh Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/ Version: 2.1.1 REQUIRED Tested on: Linux, Windows, Docke...

Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting XSS Date: 02-08-2022 Exploit Author: Shivam Singh Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/ Version: 2.1.1 REQUIRED Tested on: Linu...

Feehi CMS Cross-site Scripting

A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...

GHSA-25Q6-M425-9FQR Feehi CMS Cross-site Scripting

A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...

CVE-2022-34140

A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...

CVE-2022-34140

A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...

CVE-2022-34140

A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...

Cross site scripting

A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...

GHSA-JXG9-2CH7-F552 Feehi CMS arbitrary code execution via crafted PHP file

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file...

Feehi CMS arbitrary code execution via crafted PHP file

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-34140

A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...