CVE-2021-36572

MEDIUM

Feehi CMS < 2.1.1 - Stored Cross-Site Scripting via Login Page User Name Field

Title source: llm
STIX 2.1

Description

Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/liufee/cms/issues/58

Scores

CVSS v3 6.1
EPSS 0.0042
EPSS Percentile 34.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
feehi/feehicms < 2.1.1
feehi/feehicms 0Packagist
Published Dec 15, 2022
Tracked Since Feb 18, 2026