Skip to main content

Feehicms CVE-2022-40373

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-12-15 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 15, 2022 - 19:15 nvd
MEDIUM 5.4

DescriptionNVD

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.

AnalysisAI

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file. Affected products include: Feehi Feehicms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2025-65657 MEDIUM POC
6.5 Dec 02

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1

CVE-2025-63523 MEDIUM POC
6.5 Dec 01

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-o

CVE-2025-63520 MEDIUM POC
6.1 Dec 01

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fu

CVE-2022-43320 MEDIUM POC
6.1 Nov 09

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /

CVE-2022-40002 MEDIUM POC
5.4 Dec 15

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callbac

CVE-2022-40001 MEDIUM POC
5.4 Dec 15

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title f

CVE-2022-40000 MEDIUM POC
5.4 Dec 15

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the usernam

CVE-2022-40408 MEDIUM POC
5.4 Sep 29

FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into

CVE-2024-8296 MEDIUM POC
5.3 Aug 29

A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical.php?r=user%2Fcreate. Rated medium severity

CVE-2024-8295 MEDIUM POC
5.3 Aug 29

A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. Rated medium severity (CVSS 5.3), thi

CVE-2024-8294 MEDIUM POC
5.3 Aug 29

A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. Rated medium severity (CVSS 5.3),

CVE-2025-63522 MEDIUM POC
4.6 Dec 01

Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function

Share

CVE-2022-40373 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy