Stored Cross-Site Scripting Flaw in Feehi CMS Permissions Module
CVE-2026-31354

5.4MEDIUM

Key Information:

Vendor: Feehi
Status: Feehi CMS
Vendor: CVE Published:; 6 April 2026

What is CVE-2026-31354?

Multiple stored cross-site scripting (XSS) vulnerabilities have been identified in the Permissions module of Feehi CMS version 2.1.1. These flaws allow authenticated attackers to inject malicious scripts or HTML into the Group, Category, or Description parameters. If exploited, these vulnerabilities could lead to unauthorized execution of arbitrary web scripts, potentially compromising the security of users and their data.

References

https://github.com/liufee/cms

https://github.com/liufee/cms/issues/85

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31354 Data

JSON