14 matches found
EUVD-2026-40044
A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...
CVE-2026-13544 Feehi CMS API users access control
A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...
CVE-2026-31354
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
GHSA-HQJC-WFVX-X2FV Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Role Management module
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
EUVD-2026-19343
An authenticated stored cross-site scripting XSS vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
GHSA-XQM9-6QMM-XRQH Feehi CMS has authenticated stored cross-site scripting (XSS) vulnerabilities via the Permissions module
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
Cross-site Scripting (XSS)
Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Page Sign parameter. An attacker can execute arbitrary web scripts or HTML by injecting a crafted payload. Details Cross-site scripting or XSS is a code...
CVE-2026-31352
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
CVE-2026-31350
An authenticated stored cross-site scripting XSS vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter...
PT-2026-30668
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
CVE-2026-31352
An authenticated stored cross-site scripting XSS vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
Improper Restriction of Rendered UI Layers or Frames
Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the Comments Management function. An attacker can manipulate user interactions by causing links to open in a new tab without proper...
FeehiCMS 代码问题漏洞
FeehiCMS is a Php-based CMS builder. FeehiCMS version 2.0.8 has an arbitrary file upload vulnerability that can be exploited by remote attackers to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...
CVE-2022-38796
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails...