-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe XSS occurs via username reflection in the admin login page. This typically happens when: 1) The controller passes user-supplied username to the view without sanitization after failed login, and 2) The view template directly outputs the username without context-aware escaping. While exact code isn't available, this pattern matches the described vulnerability and PHP CMS conventions. Confidence is medium due to reliance on common vulnerability patterns rather than direct code observation.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| feehi/feehicms | composer | <= 2.1.1 |
Ongoing coverage of React2Shell