Exploit Database
147,250 exploits tracked across all sources.
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Category Name Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVSS 5.4
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Role Name Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.
CVSS 5.4
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Role Name Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.
CVSS 5.4
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Title Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
CVSS 4.8
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Title Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
CVSS 4.8
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Page Sign Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.
CVSS 5.4
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting via Page Sign Parameter
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.
CVSS 5.4
Feehi CMS 2.1.1 - Authenticated Stored Cross-Site Scripting in Content Field
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.
CVSS 5.4
FeehiCMS 2.1.1 - Stored Cross-Site Scripting via XML File Upload
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.
CVSS 5.4
FeehiCMS-2.1.1 - Cross-Site Scripting via Callback Parameter
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.
CVSS 5.4
FeehiCMS 2.1.1 - Stored Cross-Site Scripting via Article Title Field
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.
CVSS 5.4
FeehiCMS 2.1.1 - Stored Cross-Site Scripting via Admin Login Username Field
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.
CVSS 5.4
Feehi CMS 2.1.1 - Arbitrary File Upload via Advertising Management Module
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 8.8
Feehi CMS 2.1.1 - Stored Cross-Site Scripting via Username Field
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVSS 5.4
Feehi CMS 2.1.1 - Stored Cross-Site Scripting via Username Field
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVSS 5.4
Feehi CMS < 2.1.1 - Remote Code Execution via Crafted Image Upload
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.
CVSS 5.4
Feehi CMS < 2.1.1 - Stored Cross-Site Scripting via Login Page User Name Field
Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.
CVSS 6.1
Feehi CMS 2.1.1 - Server-Side Request Forgery via HTTP Referer Header
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it.
CVSS 9.1
FeehiCMS 2.0.8 - Stored Cross-Site Scripting via HTML Lang Attribute
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.
CVSS 6.1
Feehi CMS 2.1.0 - Authenticated Arbitrary File Upload via Administrator Image Upload
Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.
CVSS 7.2
FeehiCMS < 2.0.8.1 - Arbitrary File Upload via Head Image Upload
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code.
CVSS 9.8
Feehicms < 2.0.8.1 - Remote Code Execution via Unrestricted File Upload in Admin User Update
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.
CVSS 9.8
Feehi CMS < 2.0.8 - Arbitrary File Upload and Remote Code Execution
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 9.8
feehi cms < 2.0.8.1 - Remote Code Execution via Image Suffix Upload
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.
CVSS 9.8
Feehi CMS < 2.0.8.1 - Stored Cross-Site Scripting via Username
Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.
CVSS 6.1
By Source