kiwi865
kiwi865
# [Parameter Tampering for Read-Only Parameter] #### Severity Score: Low #### CVSS Score: 3.5 Low, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N ## Description FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are...
# [Cross Site Scripting (XSS) in id parameter of Banner Update function] #### Severity Score: Medium #### CVSS Score: 7.6 High, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N ## Description There is a XSS vulnerability in...
# [Remote Code Execution via Unrestricted File Upload in Ad Management] #### Severity Score: Medium #### CVSS Score: 9.6 Critical, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N ## Description FeehiCMS version 2.1.1 allows authenticated remote attackers...
# [ Reverse Tabnabbing due to Improper Security Attributes Configured for External Links] #### Severity Score: Medium #### CVSS Score: 4.6 Medium, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ## Description The external links with `target="_blank"`...
# [Cross Site Scripting (XSS) in username parameter of Admin Log function] #### Severity Score: Medium #### CCVSS Score: 7.6 High, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N ## Description FeehiCMS version 2.1.1 - Improper output...
# [Cross Site Scripting (XSS) in id parameter of User Update function] #### Severity Score: Medium #### CVSS Score: 7.6 High, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N ## Description There is a XSS vulnerability in...
Hi @commenthol , submitted security vulnerability report via email on 14 October 2025. Please acknowledge, thanks.