📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
CVE-2026-31354

Medium ⚡ Exploit Available
CWE-79 — Weakness Type
Published: Apr 6, 2026  ·  Modified: Apr 9, 2026  ·  Source: NVD
CVSS v3: 5.4
🔗 NVD Official
📄 Description (English)

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Group, Category or Description parameters.

🤖 AI Executive Summary

Feehi CMS v2.1.1 contains multiple authenticated stored XSS vulnerabilities in the Permissions module that allow attackers to inject malicious scripts through Group, Category, or Description parameters. While requiring authentication, the stored nature of these vulnerabilities means injected payloads persist and execute for all users viewing affected content. With no patch currently available and exploits publicly available, organizations using this CMS face immediate risk of session hijacking, credential theft, and unauthorized administrative actions.

🤖 AI Intelligence Analysis (analyzed: May 28, 2026 04:45)
🇸🇦 Saudi Arabia Impact Assessment
Saudi government agencies and municipalities using Feehi CMS for content management face significant risk, particularly those managing public-facing portals and administrative systems. The vulnerability could compromise sensitive government communications, citizen data, and administrative workflows. Saudi banking sector organizations using this CMS for customer-facing content management systems could experience credential theft and unauthorized transactions. Healthcare institutions managing patient information through affected CMS instances risk HIPAA-equivalent violations under Saudi healthcare regulations. Small to medium enterprises across all sectors using Feehi CMS are vulnerable to business email compromise and data exfiltration attacks.
🏢 Affected Saudi Sectors
Government and Public Administration; Banking and Financial Services; Healthcare; Telecommunications; Education; Media and Publishing; Small and Medium Enterprises
⚖️ Saudi Risk Score (AI): 6.8 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Feehi CMS v2.1.1 in your environment and document their criticality level
2. Restrict administrative access to the Permissions module to only essential personnel
3. Implement Web Application Firewall (WAF) rules to block common XSS payloads in Group, Category, and Description parameters
4. Review audit logs for suspicious permission modifications or unusual script injection attempts

COMPENSATING CONTROLS:
5. Deploy input validation rules that sanitize and escape all user inputs in the Permissions module
6. Implement Content Security Policy (CSP) headers to prevent inline script execution
7. Enable HTTP-only and Secure flags on session cookies to prevent XSS-based session hijacking
8. Conduct immediate security awareness training for administrators on XSS attack vectors

PATCHING STRATEGY:
9. Monitor Feehi CMS official channels for security patches and upgrade to patched version immediately upon release
10. If patch unavailable within 30 days, consider migrating to alternative CMS solutions with active security support
11. Implement output encoding for all dynamically rendered content in the Permissions module

DETECTION RULES:
12. Monitor for HTTP requests containing script tags, event handlers (onclick, onerror), or JavaScript protocols in Group, Category, Description parameters
13. Alert on any modifications to permission settings by non-administrative accounts
14. Track database changes to permission-related tables for unexpected script content
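The compensating controls (steps 5, 11) and detection rules (steps 12, 14) above can be illustrated together in one small script. This is an added example, not Feehi CMS code: it shows a vulnerable row renderer next to an output-encoded one, and a detection routine that scans request-log lines for script tags, inline event handlers and `javascript:` URIs in the Group, Category and Description parameters. The log-line format, the user names and the `/admin/permissions/update` path are constructed assumptions; only the three parameter names and the pattern classes come from the advisory.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus

# Injection points named in the advisory.
WATCHED_PARAMS = ("Group", "Category", "Description")

# Detection patterns mirroring step 12: script tags, inline event handlers
# such as onclick/onerror, and javascript: URIs.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*/?\s*script\b", re.IGNORECASE),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
}


def render_row_unsafe(group, category, description):
    """Vulnerable pattern: stored fields interpolated into HTML unchanged."""
    return f"<tr><td>{group}</td><td>{category}</td><td>{description}</td></tr>"


def render_row(group, category, description):
    """Hardened pattern (step 11): HTML-escape every field at output time."""
    cells = (html.escape(str(v), quote=True) for v in (group, category, description))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def scan_body(body):
    """Return {param: [pattern_name, ...]} for watched params carrying suspicious content."""
    findings = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            # parse_qs already URL-decodes once; decode again so a
            # double-encoded payload (%253Cscript) is also caught.
            candidate = unquote_plus(value)
            hits = [p for p, rx in XSS_PATTERNS.items() if rx.search(candidate)]
            if hits:
                findings.setdefault(name, []).extend(hits)
    return findings


def scan_log(lines):
    """Scan request-log lines (constructed format: '... user=<u> ... body=<form>')
    and return a list of (user, findings) for every line that triggers a rule."""
    alerts = []
    for line in lines:
        if " body=" not in line:
            continue
        meta, body = line.split(" body=", 1)
        user = next((f[5:] for f in meta.split() if f.startswith("user=")), "?")
        findings = scan_body(body)
        if findings:
            alerts.append((user, findings))
    return alerts


# Constructed sample log; the format is an assumption, not Feehi's real log.
SAMPLE_LOG = [
    "2026-04-06T10:00:00Z user=admin method=POST path=/admin/permissions/update "
    "body=Group=Editors&Category=Content&Description=Can+publish+posts",
    "2026-04-06T10:05:00Z user=editor method=POST path=/admin/permissions/update "
    "body=Group=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&Category=Content&Description=x",
    "2026-04-06T10:07:00Z user=editor method=POST path=/admin/permissions/update "
    "body=Group=Ops&Category=%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&Description=%253Cscript%253E",
    "2026-04-06T10:09:00Z user=editor method=POST path=/admin/permissions/update "
    "body=Group=Ops&Category=Links&Description=%3Ca+href%3D%22javascript%3Aalert%281%29%22%3Eclick%3C%2Fa%3E",
]

if __name__ == "__main__":
    for user, findings in scan_log(SAMPLE_LOG):
        print(user, findings)
    print(render_row("Editors", "Content", "<script>alert(1)</script>"))
```

The scanner reports the submitting user with each hit, which is what step 13 needs to distinguish changes made by non-administrative accounts; the same `scan_body` function can be run over the stored rows of the permission tables to cover step 14. Output encoding at render time is the durable fix, since a WAF or log rule only narrows the window.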
🔧 Remediation Steps (Arabic)
IMMEDIATE ACTIONS:
1. Identify all instances of Feehi CMS version 2.1.1 in your environment and document their criticality level
2. Restrict administrative access to the Permissions module to essential staff only
3. Apply Web Application Firewall (WAF) rules to block common XSS payloads in the Group, Category and Description parameters
4. Review audit logs for suspicious permission modifications or unusual script injection attempts

COMPENSATING CONTROLS:
5. Apply input validation rules that sanitize and escape all user inputs in the Permissions module
6. Apply Content Security Policy (CSP) headers to prevent execution of inline scripts
7. Enable the HTTP-only and Secure flags on session cookies to prevent XSS-based session hijacking
8. Conduct immediate security awareness training for administrators on XSS attack vectors

PATCHING STRATEGY:
9. Monitor the official Feehi CMS channels for security patches and upgrade to the patched version immediately upon release
10. If no patch is available within 30 days, consider migrating to alternative CMS solutions with active security support
11. Apply output encoding to all dynamically rendered content in the Permissions module

DETECTION RULES:
12. Monitor HTTP requests containing script tags, event handlers (onclick, onerror) or JavaScript protocols in the Group, Category and Description parameters
13. Raise alerts on any modifications to permission settings by non-administrative accounts
14. Track database changes to permission-related tables for unexpected script content
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
- A.14.2.1 - Secure development policy and procedures
- A.14.2.5 - Secure development environment
- A.12.6.1 - Management of technical vulnerabilities
- A.12.2.1 - Monitoring and logging of user activities
🔵 SAMA CSF
- ID.GV-1 - Organizational processes to manage cybersecurity risk
- PR.AC-1 - Access control policy and procedures
- PR.AC-3 - Access enforcement
- DE.CM-1 - The network is monitored to detect potential cybersecurity events
🟡 ISO 27001:2022
- A.14.2.1 - Secure development policy
- A.14.2.5 - Secure development environment
- A.12.6.1 - Management of technical vulnerabilities
- A.8.3.1 - User registration and de-registration
- A.9.4.3 - Password management system
🟣 PCI DSS v4.0.1
- 6.5.1 - Injection flaws prevention
- 6.5.7 - Cross-site scripting (XSS) prevention
- 11.3 - Penetration testing and vulnerability scanning
📦 Affected Products / CPE 1 entries
feehi:feehi_cms:2.1.1
📊 CVSS Score: 5.4 / 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: L (Low)
User Interaction: R (Required)
Scope: C (Changed)
Confidentiality: L (Low)
Integrity: L (Low)
Availability: N (None)
📋 Quick Facts
Severity: Medium
CVSS Score: 5.4
CWE: CWE-79
EPSS: 0.02%
Exploit: ✓ Yes
Patch: ✗ No
Published: 2026-04-06
Source Feed: nvd
🇸🇦 Saudi Risk Score: 6.8 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags: exploit-available, CWE-79