Medium severity5.4NVD Advisory· Published Apr 6, 2026· Updated Apr 9, 2026
CVE-2026-31354
CVE-2026-31354
Description
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/liufee/cms/issues/85nvdExploitIssue TrackingWEB
- github.com/advisories/GHSA-xqm9-6qmm-xrqhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-31354ghsaADVISORY
News mentions
0No linked articles in our index yet.