cms
Feehi CMS based on yii2
# The steps to reproduce. Login to the website backend as admin, go to "Setting" - "Website Setting". In the "Statics Script" code field, write some attack code, just like `alert(1);`...
# [Parameter Tampering for Read-Only Parameter] #### Severity Score: Low #### CVSS Score: 3.5 Low, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N ## Description FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are...
# [Cross Site Scripting (XSS) in id parameter of Banner Update function] #### Severity Score: Medium #### CVSS Score: 7.6 High, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N ## Description There is a XSS vulnerability in...
# [Remote Code Execution via Unrestricted File Upload in Ad Management] #### Severity Score: Medium #### CVSS Score: 9.6 Critical, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N ## Description FeehiCMS version 2.1.1 allows authenticated remote attackers...
# [Reverse Tabnabbing due to Improper Security Attributes Configured for External Links] #### Severity Score: Medium #### CVSS Score: 4.6 Medium, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ## Description The external links with `target="_blank"`...
# [Cross Site Scripting (XSS) in username parameter of Admin Log function] #### Severity Score: Medium #### CVSS Score: 7.6 High, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N ## Description FeehiCMS version 2.1.1 - Improper output...
# [Cross Site Scripting (XSS) in id parameter of User Update function] #### Severity Score: Medium #### CVSS Score: 7.6 High, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N ## Description There is a XSS vulnerability in...