CVE-2020-20589 – feehi/feehicms

Package

Manager: composer
Name: feehi/feehicms
Vulnerable Version: >=0 <=2.0.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00101 pctl0.28412

Details

FeehiCMS vulnerable to Cross Site Scripting Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.

Metadata

Created: 2022-12-15T21:30:28Z
Modified: 2022-12-19T14:40:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-pwh3-3pcm-6vjh/GHSA-pwh3-3pcm-6vjh.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-pwh3-3pcm-6vjh
Finding: F008
Auto approve: 1