Skip to content

FeehiCMS vulnerable to Cross-Site scripting via crafted payload

Moderate severity GitHub Reviewed Published Sep 30, 2022 to the GitHub Advisory Database • Updated Jan 27, 2023

Package

composer feehi/feehicms (Composer)

Affected versions

<= 2.0.1.1

Patched versions

None

Description

FeehiCMS versions 2.0.1.1 and prior contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. There are no patches and no known workarounds for this issue.

References

Published by the National Vulnerability Database Sep 29, 2022
Published to the GitHub Advisory Database Sep 30, 2022
Reviewed Oct 1, 2022
Last updated Jan 27, 2023

Severity

Moderate
5.4
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CVE ID

CVE-2022-40408

GHSA ID

GHSA-5mqq-7g25-r4wx

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.