{"package":"feehi/cms","ecosystem":"composer","latest_version":"2.1.1","description":"Feehi CMS Project Template","license":"BSD-3-Clause","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"http://cms.feehi.com/","repository":"https://github.com/liufee/cms","downloads_weekly":0,"health":{"score":15,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":0,"maturity":12,"community":3},"deprecated":false,"max_score":100},"vulnerabilities":{"count":15,"critical":1,"high":1,"medium":13,"low":0,"details":[{"vuln_id":"CVE-2022-34140","severity":"medium","summary":"Feehi CMS Cross-site Scripting","affected_versions":"<=2.1.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.1.2|=0.1.3|=1.0.0-alpha3|=1.0.0alpha1|=1.0.0alpha2|=1.0.0beta1|=1.0.0beta2|=1.0.0beta3|=1.0.0rc1|=1.0.0rc2|=2.0.0|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.4.1|=2.0.5|=2.0.5.1|=2.0.6|=2.0.7|=2.0.7.1|=2.0.8|=2.0.8.1|=2.1.0|=2.1.0-beta|=2.1.0-beta2|=2.1.0.1|=2.1.0.2|=2.1.1","fixed_version":null,"source":"osv","published_at":"2022-07-29T00:00:47Z","in_kev":false,"epss_prob":0.00314,"epss_percentile":0.54529,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-43320","severity":"medium","summary":"FeehiCMS is vulnerable to Cross-Site Scripting (XSS)","affected_versions":"<=2.1.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.1.2|=0.1.3|=1.0.0-alpha3|=1.0.0alpha1|=1.0.0alpha2|=1.0.0beta1|=1.0.0beta2|=1.0.0beta3|=1.0.0rc1|=1.0.0rc2|=2.0.0|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.4.1|=2.0.5|=2.0.5.1|=2.0.6|=2.0.7|=2.0.7.1|=2.0.8|=2.0.8.1|=2.1.0|=2.1.0-beta|=2.1.0-beta2|=2.1.0.1|=2.1.0.2|=2.1.1","fixed_version":null,"source":"osv","published_at":"2022-11-09T19:02:23Z","in_kev":false,"epss_prob":0.00314,"epss_percentile":0.54506,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-8295","severity":"medium","summary":"FeehiCMS BannerForm[img] unrestricted upload","affected_versions":"<=2.1.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.1.2|=0.1.3|=1.0.0-alpha3|=1.0.0alpha1|=1.0.0alpha2|=1.0.0beta1|=1.0.0beta2|=1.0.0beta3|=1.0.0rc1|=1.0.0rc2|=2.0.0|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.4.1|=2.0.5|=2.0.5.1|=2.0.6|=2.0.7|=2.0.7.1|=2.0.8|=2.0.8.1|=2.1.0|=2.1.0-beta|=2.1.0-beta2|=2.1.0.1|=2.1.0.2|=2.1.1","fixed_version":null,"source":"osv","published_at":"2024-08-29T12:31:05Z","in_kev":false,"epss_prob":0.00271,"epss_percentile":0.50517,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-38796","severity":"medium","summary":"Feehi CMS host header injection vulnerability","affected_versions":"<=2.1.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.1.2|=0.1.3|=1.0.0-alpha3|=1.0.0alpha1|=1.0.0alpha2|=1.0.0beta1|=1.0.0beta2|=1.0.0beta3|=1.0.0rc1|=1.0.0rc2|=2.0.0|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.4.1|=2.0.5|=2.0.5.1|=2.0.6|=2.0.7|=2.0.7.1|=2.0.8|=2.0.8.1|=2.1.0|=2.1.0-beta|=2.1.0-beta2|=2.1.0.1|=2.1.0.2|=2.1.1","fixed_version":null,"source":"osv","published_at":"2022-09-15T00:00:19Z","in_kev":false,"epss_prob":0.00107,"epss_percentile":0.28606,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-31353","severity":"medium","summary":"Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Category module","affected_versions":"=2.1.1","fixed_version":null,"source":"osv","published_at":"2026-04-06T18:33:07Z","in_kev":false,"epss_prob":0.00027,"epss_percentile":0.07643,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-31350","severity":"medium","summary":"Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Page Sign parameter","affected_versions":"=2.1.1","fixed_version":null,"source":"osv","published_at":"2026-04-06T18:33:07Z","in_kev":false,"epss_prob":0.00032,"epss_percentile":0.09112,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-31351","severity":"medium","summary":"Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module","affected_versions":"=2.1.1","fixed_version":null,"source":"osv","published_at":"2026-04-06T18:33:07Z","in_kev":false,"epss_prob":0.0003,"epss_percentile":0.08363,"threat_tier":"theoretical"},{"vuln_id":"CVE-2021-30108","severity":"critical","summary":"Server-Side Request Forgery in Feehi CMS","affected_versions":"<=2.1.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.1.2|=0.1.3|=1.0.0-alpha3|=1.0.0alpha1|=1.0.0alpha2|=1.0.0beta1|=1.0.0beta2|=1.0.0beta3|=1.0.0rc1|=1.0.0rc2|=2.0.0|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.4.1|=2.0.5|=2.0.5.1|=2.0.6|=2.0.7|=2.0.7.1|=2.0.8|=2.0.8.1|=2.1.0|=2.1.0-beta|=2.1.0-beta2|=2.1.0.1|=2.1.0.2|=2.1.1","fixed_version":null,"source":"osv","published_at":"2021-06-08T20:12:32Z","in_kev":false,"epss_prob":0.00292,"epss_percentile":0.52516,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-31313","severity":"medium","summary":"Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module","affected_versions":"=2.1.1","fixed_version":null,"source":"osv","published_at":"2026-04-06T18:33:08Z","in_kev":false,"epss_prob":0.00032,"epss_percentile":0.09112,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-31352","severity":"medium","summary":"Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Role Management module","affected_versions":"=2.1.1","fixed_version":null,"source":"osv","published_at":"2026-04-06T18:33:07Z","in_kev":false,"epss_prob":0.00032,"epss_percentile":0.09112,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-34971","severity":"high","summary":"Feehi CMS arbitrary code execution via crafted PHP file","affected_versions":"<=2.1.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.1.2|=0.1.3|=1.0.0-alpha3|=1.0.0alpha1|=1.0.0alpha2|=1.0.0beta1|=1.0.0beta2|=1.0.0beta3|=1.0.0rc1|=1.0.0rc2|=2.0.0|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.4.1|=2.0.5|=2.0.5.1|=2.0.6|=2.0.7|=2.0.7.1|=2.0.8|=2.0.8.1|=2.1.0|=2.1.0-beta|=2.1.0-beta2|=2.1.0.1|=2.1.0.2|=2.1.1","fixed_version":null,"source":"osv","published_at":"2022-07-28T00:00:53Z","in_kev":false,"epss_prob":0.0078,"epss_percentile":0.7375,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-65657","severity":"medium","summary":"FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management","affected_versions":"<=2.1.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.1.2|=0.1.3|=1.0.0-alpha3|=1.0.0alpha1|=1.0.0alpha2|=1.0.0beta1|=1.0.0beta2|=1.0.0beta3|=1.0.0rc1|=1.0.0rc2|=2.0.0|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.4.1|=2.0.5|=2.0.5.1|=2.0.6|=2.0.7|=2.0.7.1|=2.0.8|=2.0.8.1|=2.1.0|=2.1.0-beta|=2.1.0-beta2|=2.1.0.1|=2.1.0.2|=2.1.1","fixed_version":null,"source":"osv","published_at":"2025-12-02T21:31:31Z","in_kev":false,"epss_prob":0.0018,"epss_percentile":0.39341,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-8296","severity":"medium","summary":"FeehiCMS User[avatar]  unrestricted upload","affected_versions":"<=2.1.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.1.2|=0.1.3|=1.0.0-alpha3|=1.0.0alpha1|=1.0.0alpha2|=1.0.0beta1|=1.0.0beta2|=1.0.0beta3|=1.0.0rc1|=1.0.0rc2|=2.0.0|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.4.1|=2.0.5|=2.0.5.1|=2.0.6|=2.0.7|=2.0.7.1|=2.0.8|=2.0.8.1|=2.1.0|=2.1.0-beta|=2.1.0-beta2|=2.1.0.1|=2.1.0.2|=2.1.1","fixed_version":null,"source":"osv","published_at":"2024-08-29T15:30:33Z","in_kev":false,"epss_prob":0.00218,"epss_percentile":0.44282,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-31354","severity":"medium","summary":"Feehi CMS has authenticated stored cross-site scripting (XSS) vulnerabilities via the Permissions module","affected_versions":"=2.1.1","fixed_version":null,"source":"osv","published_at":"2026-04-06T18:33:07Z","in_kev":false,"epss_prob":0.00025,"epss_percentile":0.07025,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-8294","severity":"medium","summary":"FeehiCMS  file upload vulnerability","affected_versions":"<=2.1.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=0.1.0|=0.1.1|=0.1.2|=0.1.3|=1.0.0-alpha3|=1.0.0alpha1|=1.0.0alpha2|=1.0.0beta1|=1.0.0beta2|=1.0.0beta3|=1.0.0rc1|=1.0.0rc2|=2.0.0|=2.0.1|=2.0.2|=2.0.3|=2.0.4|=2.0.4.1|=2.0.5|=2.0.5.1|=2.0.6|=2.0.7|=2.0.7.1|=2.0.8|=2.0.8.1|=2.1.0|=2.1.0-beta|=2.1.0-beta2|=2.1.0.1|=2.1.0.2|=2.1.1","fixed_version":null,"source":"osv","published_at":"2024-08-29T12:31:05Z","in_kev":false,"epss_prob":0.00218,"epss_percentile":0.44282,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"2.1.1","total_count":40,"recent":["2.1.1","2.1.0.2","2.1.0.1","2.1.0","2.1.0-beta2","2.1.0-beta","2.0.8.1","2.0.8","2.0.7.1","2.0.7","2.0.6","2.0.5.1","2.0.5","2.0.4.1","2.0.4","2.0.3","2.0.2","2.0.1","2.0.0","1.0.0rc2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2020-08-18T00:44:30+00:00","dependencies_count":8,"dependencies":["php","ext-json","ext-mbstring","yiisoft/yii2","yiisoft/yii2-bootstrap","yiisoft/yii2-swiftmailer","feehi/yii2-cdn","yiisoft/yii2-imagine"]},"github_stats":{"stars":531,"forks":178,"open_issues":23,"is_archived":false,"pushed_at":"2022-10-17T01:52:19Z","subscribers_count":57},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (15/100)","1 high severity vulnerabilities","1 critical vulnerabilities"],"use_version":"2.1.1","version_hint":null,"summary":"feehi/cms has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":2080,"avg_days_between_releases":null,"release_velocity":"stale"}}