CVE-2020-36607

Name of the Vulnerable Software and Affected Versions FeehiCMS version 2.0.8

Description The issue allows remote attackers to run arbitrary code via the lang attribute of an HTML tag. This is a Cross Site Scripting (XSS) issue, which enables attackers to execute scripts in the context of another user's session, potentially leading to unauthorized actions.

Recommendations For FeehiCMS version 2.0.8, as a temporary workaround, consider restricting the use of the lang attribute in HTML tags to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.