📄 Description (English)
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.
🤖 AI Executive Summary
Feehi CMS v2.1.1 contains an authenticated stored XSS vulnerability in the content creation/editing module that allows attackers to inject malicious scripts. While requiring authentication, the vulnerability poses significant risk to organizations using this CMS for web content management. No patch is currently available, necessitating immediate compensating controls and upgrade planning.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 28, 2026 04:44
🇸🇦 Saudi Arabia Impact Assessment
Saudi government agencies, municipalities, and public sector organizations using Feehi CMS for official websites face elevated risk of content manipulation and defacement. Educational institutions and healthcare facilities managing patient/student information portals are particularly vulnerable. The vulnerability could enable insider threats or compromised administrative accounts to inject malicious content affecting citizens accessing government services. Banking and financial sector websites using this CMS could suffer reputational damage and customer trust erosion.
🏢 Affected Saudi Sectors
Government and Public Administration
Education
Healthcare
Banking and Financial Services
Telecommunications
Energy and Utilities
Media and Publishing
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Audit all Feehi CMS v2.1.1 installations across your organization and document inventory
2. Restrict administrative access to content creation modules to trusted personnel only
3. Implement strict input validation and output encoding on all content fields
4. Enable Web Application Firewall (WAF) rules to detect and block XSS payloads in POST requests
5. Review audit logs for suspicious content modifications in the past 90 days
COMPENSATING CONTROLS:
6. Deploy Content Security Policy (CSP) headers with strict-dynamic and nonce-based script execution
7. Implement HTML sanitization libraries (e.g., DOMPurify) on the frontend before rendering user content
8. Use X-XSS-Protection and X-Content-Type-Options headers
9. Conduct regular security awareness training for content administrators on XSS risks
PATCHING STRATEGY:
10. Contact Feehi development team for security patch timeline
11. Plan immediate migration to patched version or alternative CMS solution
12. If upgrade unavailable, consider disabling the affected content creation module temporarily
DETECTION:
13. Monitor for payloads containing: <script>, javascript:, onerror=, onload=, event handlers
14. Alert on unusual content field modifications by administrative accounts
15. Implement SIEM rules for XSS pattern detection in HTTP POST requests to /content/create and /content/edit endpoints
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تدقيق جميع تثبيتات Feehi CMS الإصدار 2.1.1 في المنظمة وتوثيق الجرد
2. تقييد الوصول الإداري لوحدات إنشاء المحتوى للموظفين الموثوقين فقط
3. تطبيق التحقق الصارم من المدخلات وترميز المخرجات على جميع حقول المحتوى
4. تفعيل قواعد جدار حماية تطبيقات الويب لكشف وحجب حمولات XSS
5. مراجعة سجلات التدقيق للتعديلات المريبة على المحتوى في آخر 90 يوماً
الضوابط التعويضية:
6. نشر رؤوس سياسة أمان المحتوى مع تنفيذ النصوص القائمة على nonce
7. تطبيق مكتبات تنظيف HTML على الواجهة الأمامية قبل عرض المحتوى
8. استخدام رؤوس X-XSS-Protection و X-Content-Type-Options
9. إجراء تدريب منتظم على الوعي الأمني لمسؤولي المحتوى
استراتيجية التصحيح:
10. التواصل مع فريق تطوير Feehi لمعرفة جدول زمني للتصحيح الأمني
11. التخطيط للترقية الفورية إلى نسخة مصححة أو حل CMS بديل
12. إذا لم تتوفر ترقية، فكر في تعطيل وحدة إنشاء المحتوى المتأثرة مؤقتاً
الكشف:
13. مراقبة الحمولات التي تحتوي على: <script>، javascript:، onerror=، onload=، معالجات الأحداث
14. التنبيه على تعديلات حقول المحتوى غير العادية من قبل الحسابات الإدارية
15. تطبيق قواعد SIEM للكشف عن أنماط XSS في طلبات HTTP POST
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and De-registration
A.7.1.1 - Cryptography Policy
A.8.2.1 - Asset Management
A.12.2.1 - Change Management
A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
Governance (GV) - Security Policy and Risk Management
Protect (PR) - Access Control and Authentication
Protect (PR) - Data Protection and Privacy
Detect (DT) - Security Monitoring and Logging
Respond (RS) - Incident Response and Management
🟡 ISO 27001:2022
A.5.1 - Management Direction for Information Security
A.6.1 - Screening
A.6.2 - Terms and Conditions of Employment
A.7.1 - Physical Entry
A.8.1 - User Endpoint Devices
A.8.2 - Privileged Access Rights
A.12.2 - Change Management
A.12.6 - Management of Technical Vulnerabilities
A.14.2 - Secure Development Policy
🟣 PCI DSS v4.0.1
Requirement 1.1 - Firewall Configuration Standards
Requirement 6.2 - Security Patches
Requirement 6.5.1 - Injection Flaws
Requirement 6.5.7 - Cross-Site Scripting (XSS)
Requirement 11.3 - Penetration Testing
📦 Affected Products / CPE 1 entries
feehi:feehi_cms:2.1.1