Lucene search
K

14 matches found

EUVD
EUVD
added 2026/06/29 6:45 a.m.7 views

EUVD-2026-40044

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

6.5CVSS5.4AI score0.00214EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/29 6:45 a.m.34 views

CVE-2026-13544 Feehi CMS API users access control

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

6.5CVSS0.00214EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/07 5:12 a.m.10 views

CVE-2026-31354

Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...

5.4CVSS6AI score0.00211EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 6:33 p.m.4 views

GHSA-HQJC-WFVX-X2FV Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Role Management module

An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...

5.4CVSS6AI score0.00211EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/06 6:33 p.m.4 views

EUVD-2026-19343

An authenticated stored cross-site scripting XSS vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

6AI score0.00169EPSS
Exploits1References3
OSV
OSV
added 2026/04/06 6:33 p.m.2 views

GHSA-XQM9-6QMM-XRQH Feehi CMS has authenticated stored cross-site scripting (XSS) vulnerabilities via the Permissions module

Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...

5.4CVSS5.9AI score0.00211EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/06 5:15 p.m.13 views

Cross-site Scripting (XSS)

Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Page Sign parameter. An attacker can execute arbitrary web scripts or HTML by injecting a crafted payload. Details Cross-site scripting or XSS is a code...

6.9CVSS6AI score0.00169EPSS
Exploits1References2
NVD
NVD
added 2026/04/06 4:16 p.m.4 views

CVE-2026-31352

An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...

5.4CVSS0.00211EPSS
Exploits1References2
NVD
NVD
added 2026/04/06 4:16 p.m.2 views

CVE-2026-31350

An authenticated stored cross-site scripting XSS vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter...

5.4CVSS0.00169EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30668

Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...

6AI score0.00211EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/06 12:0 a.m.3 views

CVE-2026-31352

An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...

6AI score0.00211EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/01 3:39 p.m.5 views

Improper Restriction of Rendered UI Layers or Frames

Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the Comments Management function. An attacker can manipulate user interactions by causing links to open in a new tab without proper...

4.8CVSS6.8AI score0.00168EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/20 12:0 a.m.5 views

FeehiCMS 代码问题漏洞

FeehiCMS is a Php-based CMS builder. FeehiCMS version 2.0.8 has an arbitrary file upload vulnerability that can be exploited by remote attackers to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...

9.8CVSS8AI score0.01314EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/09/14 3:15 p.m.2 views

CVE-2022-38796

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails...

6.1CVSS5.8AI score0.00504EPSS
Exploits1References2
Rows per page
Query Builder