CVE-2021-36572 – feehi/feehicms

Package

Manager: composer
Name: feehi/feehicms
Vulnerable Version: >=0 <=2.1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00077 pctl0.23714

Details

FeehiCMS Cross Site Scripting vulnerability Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.

Metadata

Created: 2022-12-15T21:30:29Z
Modified: 2022-12-19T15:54:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-m54v-gv8p-9pqp/GHSA-m54v-gv8p-9pqp.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-m54v-gv8p-9pqp
Finding: F425
Auto approve: 1