CVE-2026-31353
CVE-2026-31353 is an authenticated stored XSS in the Category module of Feehi CMS v2.1.1. The vulnerability allows an attacker with valid credentials to inject a crafted payload via the Name parameter, enabling execution of arbitrary web scripts/HTML in the context of the vulnerable site. Documen...
PT-2026-30652
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...
CVE-2026-31313
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field...
CVE-2025-15264
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-15264
CVE-2025-15264 affects FeehiCMS (up to v2.1.1) via the TimThumb component in frontend/web/timthumb.php. The vulnerability arises from manipulating the src argument, enabling server-side request forgery (SSRF) and potentially allowing remote exploitation. Public disclosures of the exploit exist; t...
CVE-2025-15264 FeehiCMS TimThumb timthumb.php server-side request forgery
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-65657
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes or stores in an executable location without sufficient validation, sanitization, or executi...
Cross-site Scripting (XSS)
Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the id parameter in the User Update function. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious input...
GHSA-C2VX-RX6X-M9WJ FeehiCMS is vulnerable to cross-site scripting via the id parameter of the User Update function
Cross-site scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function ?r=user%2Fupdate...
FeehiCMS fails to enforce server-side immutability
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes...
CVE-2025-63523
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes...
CVE-2025-63522
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function...
CVE-2025-63523
CVE-2025-63523: FeehiCMS 2.1.1 fails to enforce server-side immutability for parameters labeled as "read-only." An authenticated attacker can intercept a parameter in transit, modify it, and have the backend accept the changes, potentially causing unintended username changes. The available docum...
EUVD-2021-2107
Malware in sbrugna...
EUVD-2021-1322
Malware in sbrugna...
EUVD-2022-7525
Malicious code in bioql PyPI...
EUVD-2022-7676
Malicious code in bioql PyPI...