logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2022-40373 feehi/feehicms

Package

Manager: composer
Name: feehi/feehicms
Vulnerable Version: >=0 <=2.1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0006 pctl0.18797

Details

FeehiCMS Cross Site Scripting vulnerability Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.

Metadata

Created: 2022-12-15T21:30:29Z
Modified: 2022-12-19T19:15:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-xv8h-43h9-v3jq/GHSA-xv8h-43h9-v3jq.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-xv8h-43h9-v3jq
Finding: F425
Auto approve: 1