CVE-2020-36607 – feehi/feehicms

Package

Manager: composer
Name: feehi/feehicms
Vulnerable Version: >=0 <=2.0.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00124 pctl0.32389

Details

FeehiCMS Cross Site Scripting vulnerability Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.

Metadata

Created: 2022-12-15T21:30:28Z
Modified: 2022-12-19T14:40:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-6jj8-mqx2-7fg5/GHSA-6jj8-mqx2-7fg5.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-6jj8-mqx2-7fg5
Finding: F008
Auto approve: 1