Stored XSS Vulnerability in Feehi CMS v2.1.1 Allows Arbitrary Code Execution via Crafted Username Field

Stored XSS Vulnerability in Feehi CMS v2.1.1 Allows Arbitrary Code Execution via Crafted Username Field

CVE-2022-34140 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.

Learn more about our Web App Pen Testing.