Curta1N-7

**Name of the Vulnerable Software and Affected Versions** FeehiCMS version 2.1.1 **Description** The issue allows remote attackers to run arbitrary code via the `username` field of the admin log in page. This is a Cross Site Scripting (XSS) issue. **Recommendations** For FeehiCMS version 2.1.1, as a temporary workaround, consider restricting access to the admin log in page or validating and sanitizing the `username` field to prevent the execution of arbitrary code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FeehiCMS version 2.1.1 **Description** The issue allows remote attackers to run arbitrary code via the `title` field of the create article page. This is a Cross Site Scripting (XSS) issue, which means an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For FeehiCMS version 2.1.1, as a temporary workaround, consider restricting access to the create article page or sanitizing the `title` field input to prevent code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FeehiCMS version 2.1.1 **Description** A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the upload of a crafted XML file. This enables attackers to execute malicious scripts on the victim's browser, potentially leading to unauthorized actions. **Recommendations** For FeehiCMS version 2.1.1, as a temporary workaround, consider restricting the upload of XML files or validating all uploaded files to prevent malicious content. At the moment, there is no information about a newer version that contains a fix for this vulnerability.