CVE-2026-31313
Stored XSS in Feehi CMS 2.1.1 Content Module Allows Script Execution
Publication date: 2026-04-06
Last updated on: 2026-04-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| feehi | feehi_cms | 2.1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary scripts that can lead to the theft of sensitive information such as user cookies. This type of vulnerability can compromise the confidentiality of user data, which is a critical aspect of compliance with standards like GDPR and HIPAA.
Since GDPR and HIPAA require protection of personal and sensitive data against unauthorized access and breaches, the presence of this vulnerability could lead to non-compliance if exploited, as it may result in unauthorized disclosure of personal information.
Mitigating this vulnerability by implementing proper input sanitization and filtering is essential to maintain compliance with these regulations.
Can you explain this vulnerability to me?
CVE-2026-31313 is a Stored Cross-Site Scripting (Stored XSS) vulnerability found in Feehi CMS version 2.1.1. It occurs because authenticated users can create or edit articles without proper sanitization or filtering of the content field. This allows attackers to inject malicious scripts or HTML payloads that are stored persistently in the system's database.
When other users or administrators view the compromised article, the malicious script executes in their browsers, potentially enabling attackers to steal cookies or perform other harmful actions.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute arbitrary web scripts in the context of your website. Specifically, attackers can steal sensitive information such as user cookies, which may lead to session hijacking or unauthorized access.
Because the malicious payload is stored persistently, every user who views the infected content is at risk, potentially compromising the confidentiality of user data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to create or edit an article as an authenticated user and injecting a crafted XSS payload into the article content field. By submitting the article and then viewing it, you can observe whether the stored XSS payload executes, indicating the presence of the vulnerability.
- Create a new article as an authenticated user.
- Intercept the HTTP request (using tools like Burp Suite or OWASP ZAP) and inject an XSS payload into the article content field.
- Submit the article and then view it to check if the XSS payload executes.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing input filtering to sanitize or remove unsafe tags and event handlers from the article content input. Using a whitelist approach to allow only certain safe HTML tags can help prevent malicious scripts from being stored and executed.