CVE-2022-40408: There are some XSS vulnerabilities in FeehiCMS-2.1.1 · Issue #3 · liufee/feehicms

FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.


There is a stored XSS vulnerability in the background of FeehiCMS.

First register a user for testing, then go to Content -> Single Page, upload any picture in the comment box.

Then send a comment, capture the odd packet while sending the Forward, change the value of SRC under the `<img>` tag in the packet to: ‘x’ [onerror=’alert(1)', and send the message.

Refresh the page, and pop-up windows will appear on the current page and the home page.
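
A server-side mitigation for the tampered `src` value described above, as an added example (not FeehiCMS code or the reporter's): because the request can be modified after it leaves the editor, the comment is parsed and rebuilt from an allow-list before it is stored or rendered. The tag and attribute policy, the function names and the sample inputs in the checks are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy: the only markup a comment may carry.
ALLOWED = {"p": set(), "br": set(), "b": set(), "i": set(), "img": {"src", "alt"}}
VOID = {"br", "img"}

def safe_img_src(value):
    """Accept http(s) or site-relative URLs that contain no markup characters."""
    if not value or any(c in value for c in "\"'<>`\\ \t\r\n"):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    if parts.scheme:
        return parts.scheme in ("http", "https") and bool(parts.netloc)
    return value.startswith("/") and not value.startswith("//")

class CommentSanitizer(HTMLParser):
    """Rebuilds the comment from parsed tokens instead of echoing raw input."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # unknown tag dropped; its text is still escaped below
        kept = {}
        for name, value in attrs:
            if name in ALLOWED[tag] and name not in kept:  # onerror etc. never kept
                kept[name] = value or ""
        if tag == "img" and not safe_img_src(kept.get("src")):
            return  # drop the image rather than guess a safe URL
        rendered = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept.items())
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_comment(html_text):
    parser = CommentSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)
```

Output encoding at render time is still needed for every other field; this only covers the one place where the comment box is allowed to contain markup.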

Related news

GHSA-5mqq-7g25-r4wx: FeehiCMS vulnerable to Cross-Site scripting via crafted payload

FeehiCMS versions 2.0.1.1 and prior contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. There are no patches and no known workarounds for this issue.
