CVE-2021-36572: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 15, 2022 (updated December 19, 2022)

Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.

References

github.com/advisories/GHSA-m54v-gv8p-9pqp
github.com/liufee/cms/issues/58
nvd.nist.gov/vuln/detail/CVE-2021-36572

Detect and mitigate CVE-2021-36572 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →