Executive Summary

CVE-2026-31354 is a Stored Cross-Site Scripting (XSS) vulnerability found in Feehi CMS version 2.1.1, specifically in the Permissions module. Authenticated users who have permission to create or manage roles can inject malicious JavaScript code into the Group, Category, or Description fields. This malicious code is stored by the system and later executed when a superadmin visits critical pages, such as the "Create Admin User" page.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to the execution of malicious scripts in the context of an administrator's browser. Specifically, when a superadmin accesses the affected page, the injected script can run and potentially steal sensitive information such as admin cookies. This can result in unauthorized access or privilege escalation within the CMS, compromising the confidentiality of the system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious JavaScript code injected into the Group, Category, or Description fields within the Permissions module of Feehi CMS version 2.1.1.

Since the vulnerability involves stored cross-site scripting (XSS), detection involves inspecting the database or the input fields for suspicious script tags or payloads.

Suggested commands include querying the database for suspicious content in the relevant fields. For example, if using MySQL, you can run:

• SELECT * FROM permissions WHERE Group LIKE '%<script>%' OR Category LIKE '%<script>%' OR Description LIKE '%<script>%';

Additionally, monitoring HTTP requests and responses for injected scripts when authenticated users create or modify permissions can help detect exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the Permissions module to only trusted and necessary users with high privileges.

Ensure that input sanitization and validation are applied to the Group, Category, and Description fields to prevent injection of malicious scripts.

If possible, update Feehi CMS to a version where this vulnerability is patched.

As a temporary measure, review and remove any suspicious or unknown permissions that may contain malicious payloads.

Monitor admin user creation activities closely to detect any unusual behavior that might trigger the stored XSS payload.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows attackers to execute malicious JavaScript code that can lead to the theft of admin cookies, potentially compromising administrative accounts and sensitive data.

Such unauthorized access and data exposure could result in violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Therefore, this vulnerability may negatively impact compliance with these standards by exposing confidential information and failing to maintain adequate security controls.

Useful 0 Not Useful 0