CVE-2026-31313
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
An authenticated stored XSS vulnerability exists in the creation/editing module of Feehi CMS v2.1.1. Attackers can inject malicious JavaScript or HTML into the Content field, which executes in other users' browsers.
Risk Assessment
Attackers can steal sessions, modify content, or redirect users to malicious sites, compromising data confidentiality and integrity within the CMS.
Recommendation
Update Feehi CMS to the latest version and implement input filtering and encoding for the Content field to prevent script injection.
Original NVD description (English source)
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.

