CVE-2025-63520

Medium CVSS: 6.1

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).

Vendor

Product

CWE

Yayın Tarihi

2025-12-01 15:15:50

Güncelleme

2025-12-02 03:06:59

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Feehicms MEDIUM Feehi 2025

https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63520.md https://github.com/liufee/cms/issues/74

Medium

CVE-2025-15264

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthum…

Medium

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1…

Medium

CVE-2025-63522

Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function

Medium

CVE-2025-63523

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-o…