Skip to main content

Feehi Cms

6 CVEs product

Monthly

CVE-2026-31354 PHP MEDIUM GHSA This Month

Stored cross-site scripting (XSS) in Feehi CMS v2.1.1 Permissions module allows authenticated users to inject malicious scripts via Group, Category, or Description parameters, potentially enabling session hijacking or malware distribution to other authenticated users. Attack requires valid credentials and user interaction (UI:R per CVSS), limiting immediate risk despite network accessibility. No public exploit code or active exploitation has been confirmed; EPSS probability is minimal at 0.01% (3rd percentile).

XSS Feehi Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-31353 PHP MEDIUM GHSA This Month

Stored cross-site scripting (XSS) in Feehi CMS v2.1.1 Category module allows authenticated attackers to inject arbitrary web scripts via the Name parameter, affecting users who subsequently view the malicious content. The vulnerability requires user interaction (rendering in a browser) and authenticated access to inject the payload, but once stored, it executes in the context of any user viewing the affected category. EPSS exploitation probability is extremely low at 0.02% (5th percentile), indicating minimal real-world attack likelihood despite moderate CVSS score.

XSS Feehi Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-38796 PHP MEDIUM POC This Month

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Feehi Cms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34140 PHP MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Feehi Cms
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.6%
CVE-2022-34971 PHP HIGH POC This Week

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Feehi Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-30108 PHP CRITICAL POC Act Now

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Feehi Cms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting (XSS) in Feehi CMS v2.1.1 Permissions module allows authenticated users to inject malicious scripts via Group, Category, or Description parameters, potentially enabling session hijacking or malware distribution to other authenticated users. Attack requires valid credentials and user interaction (UI:R per CVSS), limiting immediate risk despite network accessibility. No public exploit code or active exploitation has been confirmed; EPSS probability is minimal at 0.01% (3rd percentile).

XSS Feehi Cms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting (XSS) in Feehi CMS v2.1.1 Category module allows authenticated attackers to inject arbitrary web scripts via the Name parameter, affecting users who subsequently view the malicious content. The vulnerability requires user interaction (rendering in a browser) and authenticated access to inject the payload, but once stored, it executes in the context of any user viewing the affected category. EPSS exploitation probability is extremely low at 0.02% (5th percentile), indicating minimal real-world attack likelihood despite moderate CVSS score.

XSS Feehi Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Feehi Cms
NVD
EPSS 4% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Feehi Cms
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Feehi Cms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy