CVE-2022-40408
published 2022-09-29
Priority P4 · 22 · medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS 0.42% · 33.7th percentile
FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| feehi | feehicms | — | — |
| feehi | feehicms | 0 – 2.0.1.1 | — |
OSV
FeehiCMS vulnerable to Cross-Site scripting via crafted payload
osv·2022-09-30
CVE-2022-40408 [MEDIUM] FeehiCMS vulnerable to Cross-Site scripting via crafted payload
FeehiCMS versions 2.0.1.1 and prior contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. There are no patches and no known workarounds for this issue.
GHSA
FeehiCMS vulnerable to Cross-Site scripting via crafted payload
ghsa·2022-09-30
CVE-2022-40408 [MEDIUM] CWE-79 FeehiCMS vulnerable to Cross-Site scripting via crafted payload
FeehiCMS versions 2.0.1.1 and prior contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. There are no patches and no known workarounds for this issue.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-09-29
Published