Thinhneee

**Name of the Vulnerable Software and Affected Versions** MuuCMF T6 version 1.9.4.20260115 **Description** An unauthenticated attacker can compromise the entire database, obtain unauthorized administrative access, and potentially achieve remote code execution by writing malicious files to the server's file system. This is possible via the 'keyword' parameter in the "/index/controller/Search.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the `keyword` parameter in the "/index/controller/Search.php" endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions Feehi CMS version 2.1.1 Description An authenticated stored cross-site scripting (XSS) vulnerability exists in Feehi CMS version 2.1.1. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Page Sign` parameter. Recommendations Update Feehi CMS to a newer version that addresses this vulnerability. As a temporary workaround, sanitize all input received through the `Page Sign` parameter.

Name of the Vulnerable Software and Affected Versions Feehi CMS version 2.1.1 Description An authenticated stored cross-site scripting (XSS) vulnerability exists in the Role Management module. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the `Role Name` parameter. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Feehi CMS version 2.1.1 Description An authenticated stored cross-site scripting (XSS) vulnerability exists in the Category module. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` parameter. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Feehi CMS version 2.1.1 Description The Permissions module in Feehi CMS version 2.1.1 contains multiple authenticated stored cross-site scripting (XSS) flaws. Attackers can inject a crafted payload into the `Group`, `Category`, or `Description` parameters to execute arbitrary web scripts or HTML. Recommendations Update Feehi CMS to a version that addresses this issue. As a temporary workaround, sanitize all user-supplied input for the `Group`, `Category`, and `Description` parameters.

Name of the Vulnerable Software and Affected Versions Feehi CMS version 2.1.1 Description An authenticated stored cross-site scripting (XSS) vulnerability exists in the creation/editing module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Content field. Recommendations Update to a newer version that contains a fix for this vulnerability.