Zero Day MonitorZDM

← Back to list

—

CVE-2026-31354EXPLOITED

n/a · n/a

CVE-2026-31354: Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 a

Description

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a, 2.1.1

References

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-31354 | Feehi CMS 2.1.1 Permissions Group/Category/Description cross site scripting (ID 85)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

PublishedApr 6, 2026

Last enriched2h agov2

Tags

XSSPermissions Module

Trending Score47

Source articles1

Independent1

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-31150EXP

CVE-2026-31150: Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to

CRITICALCVE-2026-31067EXP

CVE-2026-31067: A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7

CRITICALCVE-2026-31151EXP

CVE-2026-31151: An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the appl

CRITICALCVE-2026-31058EXP

CVE-2026-31058: UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of

CRITICALCVE-2026-31060EXP

CVE-2026-31060: UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the form

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 6, 2026

Actively Exploited

Apr 6, 2026

Discovered by ZDM

Apr 6, 2026

Updated: affectedVersions, severity, activelyExploited, tags

Apr 6, 2026

Version History

v2

Last enriched 2h ago

v2Tier C2h ago

Updated vendor and product information, set severity to HIGH, and marked the vulnerability as actively exploited.

affectedVersionsseverityactivelyExploitedtags

via VulDB

v12h ago

Initial creation