CVE-2022-34140

Description

A stored cross-site scripting (XSS) vulnerability in `/index.php?r=site%2Fsignup` of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.

Affected packages (1)

• Packagist/feehi/cmsfrom 0, <= 2.1.1

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-34140
• PATCHhttps://github.com/liufee/cms
• WEBhttp://packetstormsecurity.com/files/168012/Feehi-CMS-2.1.1-Cross-Site-Scripting.html
• WEBhttps://github.com/liufee/cms/issues/61