CVE-2020-21146
Published 2021-01-26
Priority: P422 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.63% (45.8th percentile)
Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| feehi | cms | >= 0 < 2.0.8.1 | 2.0.8.1 |
| feehi | feehi_cms | — | — |
| chrome_chrome | — | — | — |
CVSS provenance
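| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |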
GHSA
Feehi CMS vulnerable to Cross-site Scripting in Username Field
ghsa·2022-05-24
CVE-2020-21146 [MEDIUM] CWE-79 Feehi CMS vulnerable to Cross-site Scripting in Username Field
OSV
Feehi CMS vulnerable to Cross-site Scripting in Username Field
osv·2022-05-24
CVE-2020-21146 [MEDIUM] Feehi CMS vulnerable to Cross-site Scripting in Username Field
Chrome
Stable Channel Update for Desktop: CVE-2021-21145
vendor_chrome·2021-02-02·CVSS 8.8
CVE-2021-21145 [HIGH] Stable Channel Update for Desktop: CVE-2021-21145
Stable Channel Update for Desktop
CVE-2021-21145: Use after free in Fonts. Reported by Anonymous on 2020-12-03
[$TBD][1161705] High CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman and Choongwoo Han of Microsoft Browser Vulnerability Research on 2020-12-24
[$5000][1162942] Medium CVE-2021-21147: Inappropriate implementation in Skia
Severity: high
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-01-26