Primary

Context

Feehi CMS Stored Cross-Site Scripting Vulnerability in Role Management Module

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Role Management module of Feehi CMS version 2.1.1. This vulnerability allows authenticated attackers to inject arbitrary web scripts or HTML into the Role Name parameter, which is then executed when an admin views the log. The injected script could potentially steal cookies from other admin users.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected role.

Reproduction

To reproduce this vulnerability, an admin user can create a new role and enter a script payload into the Role Name field. Once saved, the role will display the injected script, which will execute and could be used to steal cookies from other admin users.

Remediation

Users are advised to sanitize and filter input in the Role Name parameter to prevent the injection of malicious scripts.

Added: Apr 6, 2026, 4:42 PM

Updated: Apr 6, 2026, 4:42 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.4

exploitability

6.5

remediation

0.0

relevance

5.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.4

exploitability

6.5

remediation

0.0

relevance

5.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Feehi CMS Stored Cross-Site Scripting Vulnerability in Role Management Module

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Feehi CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating