Feehi

Feehi Cms

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2026-31351

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 00:00:00
  • Zuletzt bearbeitet 07.04.2026 21:14:30

An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.

5.4

CVE-2026-31350

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 00:00:00
  • Zuletzt bearbeitet 09.04.2026 21:16:09

An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.

5.4

CVE-2026-31352

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 00:00:00
  • Zuletzt bearbeitet 09.04.2026 21:16:09

An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.

5.4

CVE-2026-31353

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 00:00:00
  • Zuletzt bearbeitet 09.04.2026 21:16:09

An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

5.4

CVE-2026-31354

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 00:00:00
  • Zuletzt bearbeitet 09.04.2026 21:16:09

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description p...

5.4

CVE-2026-31313

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 00:00:00
  • Zuletzt bearbeitet 09.04.2026 21:16:08

An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.

6.1

CVE-2022-38796

Exploit
  • EPSS 0.11%
  • Veröffentlicht 14.09.2022 15:15:11
  • Zuletzt bearbeitet 21.11.2024 07:17:06

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.

5.4

CVE-2022-34140

Exploit
  • EPSS 0.31%
  • Veröffentlicht 28.07.2022 00:15:08
  • Zuletzt bearbeitet 21.11.2024 07:08:55

A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.

8.8

CVE-2022-34971

Exploit
  • EPSS 0.78%
  • Veröffentlicht 27.07.2022 02:15:09
  • Zuletzt bearbeitet 21.11.2024 07:10:30

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.

9.1

CVE-2021-30108

Exploit
  • EPSS 0.29%
  • Veröffentlicht 24.05.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 06:03:19

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it.