FeehiCMS vulnerable to Cross-Site scripting via crafted payload
Moderate severity
GitHub Reviewed
Published
Sep 30, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Sep 29, 2022
Published to the GitHub Advisory Database
Sep 30, 2022
Reviewed
Oct 1, 2022
Last updated
Jan 27, 2023
FeehiCMS versions 2.0.1.1 and prior contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. There are no patches and no known workarounds for this issue.
References