Shodan
Vulnerabilities
Vulnerable Software
Feehi:  Security Vulnerabilities
CVE-2020-36607
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-12-15
CVE-2021-36572
Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-12-15
CVE-2021-36573
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-12-15
CVE-2022-4014
A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-11-16
CVE-2022-43320
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-11-09
CVE-2022-40408
FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-09-29
CVE-2022-38796
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-09-14
CVE-2020-21516
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-06
CVE-2022-34140
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVSS Score
5.4
EPSS Score
0.011
Published
2022-07-28
CVE-2022-34971
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-07-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved