Cross Site Scripting Vulnerability in FeehiCMS by Liu Fee
CVE-2022-40002

5.4MEDIUM

Key Information:

Vendor: Feehi
Status: Feehicms
Vendor: CVE Published:; 15 December 2022

What is CVE-2022-40002?

A Cross Site Scripting (XSS) vulnerability exists in FeehiCMS version 2.1.1, which allows remote attackers to execute arbitrary code through the manipulation of the callback parameter in the /cms/notify endpoint. This flaw can lead to unauthorized actions being performed on behalf of legitimate users, increasing the risk of data theft and site compromise.

References

https://github.com/liufee/cms/issues/66

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2022
Vulnerability Reserved
Sep 6, 2022

CVE-2022-40002 Data

JSON