Feehi/feehicms
This hub aggregates every CVE we track for Feehi/feehicms, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
14
CVEs tracked
0
Critical
0
High
0
In CISA KEV
Severity distribution
MEDIUM14
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
3
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 14 most recently published vulnerabilities affecting Feehi/feehicms.
- CVE-2025-63522Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function4.6
- CVE-2025-63520Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).6.1
- CVE-2025-63523FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in tra...6.5
- CVE-2022-40001Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.5.4
- CVE-2022-40002Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.5.4
- CVE-2022-40000Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.5.4
- CVE-2022-40373Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.5.4
- CVE-2021-36572Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.6.1
- CVE-2021-36573File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.5.4
- CVE-2020-36607Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.6.1
- CVE-2020-20589Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.6.1
- CVE-2022-4014FeehiCMS Post My Comment Tab cross-site request forgery4.3
- CVE-2022-40408FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.5.4
- CVE-2020-19709Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload.6.1
Product normalization is registry-driven with AI assist and human review. How it works