Feehi/cms

This hub aggregates every CVE we track for Feehi/cms, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Feehi/cms.

• CVE-2025-15264FeehiCMS TimThumb timthumb.php server-side request forgery7.3Dec 30, 2025
• CVE-2025-65657FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later ...6.5Dec 2, 2025
• CVE-2025-63522Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function4.6Dec 1, 2025
• CVE-2025-63520Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).6.1Dec 1, 2025
• CVE-2025-63523FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in tra...6.5Dec 1, 2025
• CVE-2024-8296FeehiCMS index.php insert unrestricted upload6.3Aug 29, 2024
• CVE-2024-8295FeehiCMS index.php createBanner unrestricted upload6.3Aug 29, 2024
• CVE-2024-8294FeehiCMS index.php update unrestricted upload6.3Aug 29, 2024
• CVE-2020-21174File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.9.8Jun 20, 2023
• CVE-2020-21489File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.9.8Jun 20, 2023
• CVE-2022-40001Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.5.4Dec 15, 2022
• CVE-2022-40002Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.5.4Dec 15, 2022
• CVE-2022-40000Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.5.4Dec 15, 2022
• CVE-2022-40373Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.5.4Dec 15, 2022
• CVE-2021-36572Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.6.1Dec 15, 2022