PT-2025-48452 · Feehicms · Feehicms

Published: 2025-12-01 · Updated: 2025-12-01 · CVE-2025-63520

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

FeehiCMS version 2.1.1

Description

A Cross-Site Scripting (XSS) issue exists in FeehiCMS version 2.1.1. The issue is in the id parameter of the User Update function, accessible via the URL path '?r=user%2Fupdate'. The id parameter is the point of entry for the attack and allows potential malicious script injection.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the User Update function or sanitizing the id parameter before processing it.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-63520
GHSA-C2VX-RX6X-M9WJ

Affected Products

Feehicms