19 matches found
EUVD-2025-200003
Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function ?r=user%2Fupdate...
EUVD-2025-200001
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes...
PT-2025-48452
Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function ?r=user%2Fupdate...
CVE-2024-8296 FeehiCMS index.php insert unrestricted upload
A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument Useravatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...
GHSA-8VJP-HFGH-68RJ FeehiCMS Cross Site Scripting vulnerability
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page...
CVE-2022-40000
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page...
CVE-2022-40001
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page...
CVE-2022-40002
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify...
Cross site scripting
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page...
Cross site scripting
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page...
CVE-2022-40001
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page...
CVE-2022-40373
Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file...
CVE-2022-40000
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page...
CVE-2022-40000
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page...
CVE-2022-40002
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify...
CVE-2022-40000
CVE-2022-40000 corresponds to a Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1, allowing remote attackers to execute arbitrary code via the username field on the admin login page. Affected product is FeehiCMS 2.1.1; the underlying issue is an XSS flaw in the username input path, with ...
CVE-2022-40001
CVE-2022-40001 affects FeehiCMS 2.1.1. The vulnerability is a reflected/stored Cross Site Scripting (XSS) in which an attacker can cause the application to execute arbitrary code through the title field on the create article page. Exploitation details are not elaborated beyond this vector in the ...
CVE-2022-40373
Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file...
CVE-2022-40001
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page...