anonhaven
Ad

CVE-2026-31354

NONE
Updated Apr 06, 2026
Payload
Parameter Value
Vendor Payload
Public PoC No

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.

References 2

https://github.com/liufee/cms
cve@mitre.org
https://github.com/liufee/cms/issues/85
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1114

Payload

9.8

CVE-2026-35203

Payload

7.5

CVE-2026-35209

Payload

7.5

CVE-2026-35173

Payload

6.5

CVE-2026-34989

Payload

9.4