Headline
CVE-2021-36572: Cross Site Scripting Vulnerability On Feehi CMS · Issue #58 · liufee/cms
Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.
Hi i found xss vuln on Feehi CMS Login Form.
What is XSS?
Attacker can inject and executee javascript code to webpage.
Feehi CMS response your input data on webpage. Like
So attacker can inject javascript code into webpage using form request.
POC Videos:
https://youtu.be/aNq_CM_tmHw
Note : youtube videos is unlisted video .So noone can see ,except who has video link.
Related news
GHSA-m54v-gv8p-9pqp: FeehiCMS Cross Site Scripting vulnerability
Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.