VYPR

Feehicms

by Feehi

Source repositories

CVEs (7)

  • CVE-2025-15264HigDec 30, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The…

  • CVE-2026-31313MedApr 6, 2026
    risk 0.35cvss 5.4epss 0.00

    An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.

  • CVE-2026-31354MedApr 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.

  • CVE-2026-31353MedApr 6, 2026
    risk 0.35cvss 5.4epss 0.00

    An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

  • CVE-2026-31352MedApr 6, 2026
    risk 0.35cvss 5.4epss 0.00

    An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.

  • CVE-2026-31350MedApr 6, 2026
    risk 0.35cvss 5.4epss 0.00

    An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.

  • CVE-2026-31351MedApr 6, 2026
    risk 0.31cvss 4.8epss 0.00

    An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.