Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tNTR2LWd2OHAtOXBxcM4AAwYY
FeehiCMS Cross Site Scripting vulnerability
Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.
Permalink: https://github.com/advisories/GHSA-m54v-gv8p-9pqpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNTR2LWd2OHAtOXBxcM4AAwYY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-m54v-gv8p-9pqp, CVE-2021-36572
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-36572
- https://github.com/liufee/cms/issues/58
- https://github.com/advisories/GHSA-m54v-gv8p-9pqp
Blast Radius: 0.0
Affected Packages
packagist:feehi/feehicms
Dependent packages: 0Dependent repositories: 1
Downloads: 412 total
Affected Version Ranges: <= 2.1.1
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 2.0.0, 2.0.1