Authenticated Stored Cross-Site Scripting in Feehi CMS
CVE-2026-31350

5.4MEDIUM

Key Information:

Vendor: Feehi
Status: Feehi CMS
Vendor: CVE Published:; 6 April 2026

What is CVE-2026-31350?

An authenticated stored cross-site scripting (XSS) vulnerability exists in Feehi CMS v2.1.1, allowing attackers to inject and execute arbitrary web scripts or HTML. By manipulating the Page Sign parameter, a malicious actor can craft a payload that persists on the affected application, putting users at risk of session hijacking and other web-based attacks.

References

https://github.com/liufee/cms

https://github.com/liufee/cms/issues/82

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31350 Data

JSON