feehi 漏洞與 CVE 列表(36)

產品(CPE): — CVE 數: 36

feehi 漏洞概覽

彙總 feehi 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 跨站腳本與SSRF 等問題,部分漏洞可能導致 工作階段劫持,並影響 軟體部署與生產負載 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12036 CVE 數
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-31313 An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field. [email protected] 5.4 0.14% 2026-04-06 2026-07-04
CVE-2026-31354 Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters. [email protected] 5.4 0.21% 2026-04-06 2026-06-17
CVE-2026-31353 An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. [email protected] 5.4 0.17% 2026-04-06 2026-06-17
CVE-2026-31352 An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter. [email protected] 5.4 0.21% 2026-04-06 2026-06-17
CVE-2026-31351 An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. [email protected] 4.8 0.18% 2026-04-06 2026-06-17
CVE-2026-31350 An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter. [email protected] 5.4 0.17% 2026-04-06 2026-06-17
CVE-2025-15264 A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 5.5 0.35% 2025-12-30 2026-06-17
CVE-2025-65657 FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE). [email protected] 6.5 0.34% 2025-12-02 2026-06-17
CVE-2025-63523 FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes. [email protected] 6.5 0.22% 2025-12-01 2026-06-17
CVE-2025-63522 Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function [email protected] 4.6 0.16% 2025-12-01 2026-06-17
CVE-2025-63520 Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate). [email protected] 6.1 0.20% 2025-12-01 2026-06-17
CVE-2024-8296 A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 5.3 0.76% 2024-08-29 2026-06-17
CVE-2024-8295 A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 5.3 0.76% 2024-08-29 2026-06-17
CVE-2024-8294 A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 5.3 0.76% 2024-08-29 2026-06-17
CVE-2020-21489 File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component. [email protected] 9.8 1.30% 2023-06-20 2026-06-16
CVE-2020-21174 File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function. [email protected] 9.8 1.30% 2023-06-20 2026-06-16
CVE-2022-40373 Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file. [email protected] 5.4 0.51% 2022-12-15 2026-06-17
CVE-2022-40002 Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify. [email protected] 5.4 0.51% 2022-12-15 2026-06-17
CVE-2022-40001 Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page. [email protected] 5.4 0.51% 2022-12-15 2026-06-17
CVE-2022-40000 Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page. [email protected] 5.4 0.51% 2022-12-15 2026-06-17
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
cvelogic Threat Intelligence