PT-2022-25159 · Feehicms · Feehicms
Curta1N-7
·
Published
2022-12-15
·
Updated
2022-12-19
·
CVE-2022-40000
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FeehiCMS version 2.1.1
Description
The issue allows remote attackers to run arbitrary code via the
username field of the admin log in page. This is a Cross Site Scripting (XSS) issue.Recommendations
For FeehiCMS version 2.1.1, as a temporary workaround, consider restricting access to the admin log in page or validating and sanitizing the
username field to prevent the execution of arbitrary code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Feehicms