Shodan
Vulnerabilities
Vulnerable Software
Feehi:  >> Feehi Cms  >> 2.1.1  Security Vulnerabilities
CVE-2026-31313
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31352
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31353
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31354
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31350
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-06
CVE-2026-31351
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
CVSS Score
4.8
EPSS Score
0.0
Published
2026-04-06
CVE-2022-38796
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-09-14
CVE-2022-34140
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-07-28
CVE-2022-34971
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-07-27
CVE-2021-30108
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-05-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved