Feehi CMS 2.1.1 Cross Site Scripting
Feehi CMS version 2.1.1 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
# Date: 02-08-2022
# Exploit Author: Shivam Singh
# Vendor Homepage: https://feehi.com/
# Software Link: https://github.com/liufee/cms
# Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/
# Version: 2.1.1 (REQUIRED)
# Tested on: Linux, Windows, Docker
# CVE : CVE-2022-34140

# Proof of Concept:
1- Sign up at https://localhost.cms.feehi/
2- Inject the XSS payload in Username: "><script>alert(document.cookie)</script> then fill all required fields and click the SignUp button
3- Log in to your account, go to any article page, and the XSS will trigger.
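Mitigating the stored XSS above takes two controls: an allow-list on the username at signup, and HTML encoding wherever the stored value is rendered. The PHP below is an added example, not code from Feehi CMS or from the exploit author; the function names, the username policy and the link markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical helper names; not Feehi CMS code.

/** Allow-list check applied at signup, before the username is stored. */
function isValidUsername(string $name): bool
{
    // Assumed policy: letters, digits, underscore, dot, hyphen; 3 to 32 chars.
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $name) === 1;
}

/** Unsafe rendering: the stored value is concatenated into markup as-is. */
function renderUserLinkUnsafe(string $username): string
{
    return '<a class="user" title="' . $username . '">' . $username . '</a>';
}

/** Hardened rendering: encode for HTML text and quoted attributes at output. */
function renderUserLinkSafe(string $username): string
{
    // ENT_QUOTES encodes both quote characters, so the value cannot close
    // the title attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of returning an empty string.
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a class="user" title="' . $encoded . '">' . $encoded . '</a>';
}

// Constructed sample inputs; the second is the username from the
// proof of concept above.
$samples = ['alice_01', '"><script>alert(document.cookie)</script>'];

foreach ($samples as $name) {
    printf("input:    %s\n", $name);
    printf("signup:   %s\n", isValidUsername($name) ? 'accepted' : 'rejected');
    printf("unsafe:   %s\n", renderUserLinkUnsafe($name));
    printf("hardened: %s\n\n", renderUserLinkSafe($name));
}
```

In a Yii2 view the equivalent output encoding is `yii\helpers\Html::encode()`. Encoding at render time is the control that matters for rows already stored before the signup check was added.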
Related news
Feehi CMS 2.1.1 Remote Code Execution
Feehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.
GHSA-25q6-m425-9fqr: Feehi CMS Cross-site Scripting
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVE-2022-34140: GitHub - liufee/cms: Feehi CMS based on yii2
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.