Liufee
Products (2)
- 4 CVEs
- 1 CVE
Recent CVEs (5)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31350 | | Med | 0.35 | 5.4 | 0.00 | | Apr 6, 2026 | An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter. |
| CVE-2025-65657 | | | 0.00 | — | 0.00 | | Dec 2, 2025 | FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE). |
| CVE-2025-63523 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes. |
| CVE-2025-63522 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function. |
| CVE-2025-63520 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate). |