Reflected Cross-Site Scripting in FeehiCMS by Liufee
CVE-2022-43320

6.1MEDIUM

Key Information:

Vendor: Feehi
Status: Feehicms
Vendor: CVE Published:; 9 November 2022

What is CVE-2022-43320?

FeehiCMS v2.1.1 has a reflected cross-site scripting (XSS) vulnerability that can be exploited via the 'id' parameter in the web/admin/index.php?r=log%2Fview-layer endpoint. This flaw allows attackers to inject malicious scripts into web pages that are then viewed by unsuspecting users, potentially leading to session hijacking, data theft, and other unauthorized actions. It is crucial for users of this CMS to implement necessary security patches and updates to mitigate the risks associated with this vulnerability.

References

https://github.com/liufee/feehicms/issues/4

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2022
Vulnerability Reserved
Oct 17, 2022

CVE-2022-43320 Data

JSON