CVE Catalog

CVE-2026-31313

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

An authenticated stored XSS vulnerability exists in the creation/editing module of Feehi CMS v2.1.1. Attackers can inject malicious JavaScript or HTML into the Content field, which executes in other users' browsers.

Risk Assessment

Attackers can steal sessions, modify content, or redirect users to malicious sites, compromising data confidentiality and integrity within the CMS.

Recommendation

Update Feehi CMS to the latest version and implement input filtering and encoding for the Content field to prevent script injection.

Original NVD description (English source)

An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS