Vulnerabilities ›

CVE-2026-31352

Medium ⚡ Exploit Available

CWE-79 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 9, 2026                      ·  Source: NVD                

CVSS v3

5.4

🔗 NVD Official

📄 Description (English)

An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.

🤖 AI Executive Summary

CVE-2026-31352 is an authenticated stored XSS vulnerability in Feehi CMS v2.1.1's Role Management module that allows attackers with valid credentials to inject malicious scripts via the Role Name parameter. While requiring authentication, the stored nature of this vulnerability means injected payloads persist and execute for all users viewing affected roles, potentially leading to session hijacking, credential theft, or administrative account compromise. With exploit code publicly available and no patch currently released, immediate mitigation is critical for organizations using this CMS.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 28, 2026 02:41

🇸🇦 Saudi Arabia Impact Assessment

Saudi government agencies, educational institutions, and small-to-medium enterprises using Feehi CMS for content management face significant risk. Government sector (NCA oversight) is particularly vulnerable due to potential exposure of administrative functions and sensitive role-based access controls. Healthcare organizations using this CMS for patient information portals could face data confidentiality breaches. Telecom and financial services sectors using Feehi for internal portals risk administrative account compromise and lateral movement within networks. The stored XSS nature means persistent compromise of all users accessing the affected CMS instance.

🏢 Affected Saudi Sectors

Government (NCA-regulated agencies) Healthcare (patient portals, medical records systems) Education (university content management) Telecommunications (internal portals) Financial Services (internal banking portals) Energy (ARAMCO subsidiaries using CMS) Small-to-Medium Enterprises (general web presence)

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application (authenticated but exploitable) T1598 - Phishing (XSS can be used for credential harvesting) T1056 - Input Capture (session hijacking via XSS) T1539 - Steal Web Session Cookie (XSS payload extraction) T1021 - Remote Services (lateral movement after admin compromise) T1098 - Account Manipulation (privilege escalation via role modification)

⚖️ Saudi Risk Score (AI)

6.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Feehi CMS v2.1.1 instances in your environment using asset discovery tools

2. Restrict access to Role Management module to trusted administrators only via network segmentation or WAF rules

3. Audit all existing roles for suspicious payloads in Role Name fields; export and review role configurations

4. Monitor for XSS indicators: check browser console errors, network requests to external domains, unusual JavaScript execution

COMPENSATING CONTROLS (until patch available):

5. Implement Web Application Firewall (WAF) rules to block common XSS payloads in POST/PUT requests to /role* endpoints

6. Deploy Content Security Policy (CSP) headers: Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'

7. Enable HTTP-only and Secure flags on session cookies to prevent JavaScript access

8. Implement input validation at application level: sanitize Role Name field to allow only alphanumeric characters, hyphens, underscores

DETECTION RULES:

9. Monitor for payloads containing: <script>, javascript:, onerror=, onload=, eval(, alert(

10. Log all Role Management module access and changes; alert on modifications by non-admin accounts

11. Use SIEM to detect multiple failed authentication attempts followed by role modifications

12. Implement file integrity monitoring on CMS configuration files

UPGRADE PLANNING:

13. Contact Feehi CMS vendor for patch timeline; prepare upgrade testing environment

14. Consider migrating to alternative CMS solutions if vendor support is inadequate

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حدد جميع مثيلات Feehi CMS v2.1.1 في بيئتك باستخدام أدوات اكتشاف الأصول

2. قيد الوصول إلى وحدة إدارة الأدوار للمسؤولين الموثوقين فقط عبر تقسيم الشبكة أو قواعد جدار الحماية

3. تدقيق جميع الأدوار الموجودة للحمولات المريبة في حقول اسم الدور؛ تصدير ومراجعة تكوينات الأدوار

4. مراقبة مؤشرات XSS: تحقق من أخطاء وحدة تحكم المتصفح، الطلبات إلى النطاقات الخارجية، تنفيذ JavaScript غير المعتاد

الضوابط التعويضية (حتى توفر التصحيح):

5. تنفيذ قواعد جدار حماية تطبيقات الويب (WAF) لحظر حمولات XSS الشائعة في طلبات POST/PUT إلى نقاط نهاية /role*

6. نشر رؤوس سياسة أمان المحتوى (CSP): Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'

7. تفعيل أعلام HTTP-only و Secure على ملفات تعريف الجلسة لمنع وصول JavaScript

8. تنفيذ التحقق من الإدخال على مستوى التطبيق: تطهير حقل اسم الدور للسماح فقط بأحرف أبجدية رقمية وواصلات وشرطات سفلية

قواعد الكشف:

9. مراقبة الحمولات التي تحتوي على: <script>، javascript:، onerror=، onload=، eval(، alert(

10. تسجيل جميع عمليات الوصول والتغييرات في وحدة إدارة الأدوار؛ تنبيه التعديلات من قبل حسابات غير إدارية

11. استخدم SIEM للكشف عن محاولات مصادقة فاشلة متعددة متبوعة بتعديلات الأدوار

12. تنفيذ مراقبة سلامة الملفات على ملفات تكوين نظام إدارة المحتوى

تخطيط الترقية:

13. اتصل بمورد Feehi CMS للحصول على جدول زمني للتصحيح؛ جهز بيئة اختبار الترقية

14. فكر في الهجرة إلى حلول نظام إدارة محتوى بديلة إذا كان دعم البائع غير كافٍ

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information Security Policies (access control to CMS modules) A.6.1.2 - User Access Management (role-based access control integrity) A.7.1.1 - Physical and Environmental Security (logical access controls) A.12.2.1 - Change Management (CMS configuration changes must be logged) A.12.4.1 - Event Logging (detection and monitoring of XSS attempts)

🔵 SAMA CSF

ID.AM-2 - Asset Management (inventory Feehi CMS instances) PR.AC-1 - Access Control (restrict Role Management module access) PR.PT-1 - Protection Processes (implement WAF and CSP controls) DE.CM-1 - Detection and Analysis (monitor for XSS payloads) DE.AE-1 - Anomalies and Events (alert on suspicious role modifications)

🟡 ISO 27001:2022

A.5.1.1 - Information security policies and procedures A.6.1.2 - User registration and access rights management A.8.1.1 - User endpoint devices (browser security controls) A.12.4.1 - Event logging (XSS detection and forensics) A.14.2.1 - Secure development policy (input validation requirements)

🟣 PCI DSS v4.0.1

Requirement 6.5.1 - Injection flaws (XSS is injection vulnerability) Requirement 6.5.7 - Cross-site scripting (XSS) prevention Requirement 10.2.1 - User access logging (role modification tracking)

🔗 References & Sources 2

🔗

https://github.com/liufee/cms

cve@mitre.org

Product

🔗

https://github.com/liufee/cms/issues/83

cve@mitre.org

Exploit Issue Tracking Mitigation

📦 Affected Products / CPE 1 entries

feehi:feehi_cms:2.1.1

📊 CVSS Score

5.4

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionR — Required

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.4

CWECWE-79

EPSS0.02%

Exploit ✓ Yes

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

6.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

exploit-available CWE-79

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-31352

Introduce Yourself

Sign In Required