Cross-Site Scripting Vulnerability in Feehi CMS by Liufee
CVE-2020-21146

6.1MEDIUM

Key Information:

Vendor: Feehi
Status: Feehi Cms
Vendor: CVE Published:; 26 January 2021

What is CVE-2020-21146?

Feehi CMS version 2.0.8 contains a cross-site scripting (XSS) vulnerability that allows an attacker to inject malicious JavaScript code through user input. When users access a post with a specially crafted username, their browser executes the embedded JavaScript, potentially compromising user accounts and data. It is crucial for developers and administrators to sanitize user inputs and update to a patched version to mitigate this security risk.

References

https://github.com/liufee/cms/issues/43

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2021
Vulnerability Reserved
Aug 13, 2020

CVE-2020-21146 Data

JSON