Arbitrary Web Code Execution in FeehiCMS by Feehi
CVE-2020-19709

6.1MEDIUM

Key Information:

Vendor: Feehi
Status: Feehicms
Vendor: CVE Published:; 26 August 2021

What is CVE-2020-19709?

The vulnerability arises from inadequate filtering of tag parameters in FeehiCMS version 0.1.3, enabling attackers to execute arbitrary web code or HTML through specially crafted payloads. This flaw poses significant security risks as it could facilitate further attacks, compromising the integrity and functionality of web applications built on this platform. Users are advised to implement appropriate security measures to mitigate potential threats.

References

https://github.com/liufee/feehicms/issues/2

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2021
Vulnerability Reserved
Aug 13, 2020

CVE-2020-19709 Data

JSON