CVE-2022-38796

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.

CVE-2020-21146

Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.