Is feehi/cms safe to use?

feehi/cms has 15 known vulnerabilities on the latest version (2.1.1). DepScope rates its health at 15/100 (critical risk).

What is the latest version of feehi/cms?

The latest version of feehi/cms is 2.1.1, released 2020-08-18.

Yes. feehi/cms has 15 known vulnerabilities. See depscope.dev/pkg/composer/feehi/cms for details.

No, feehi/cms is actively maintained. Latest release: 2.1.1 (2020-08-18).

DepScope has no curated alternatives for feehi/cms at this time.

feehi/cms is licensed under BSD-3-Clause.

composerv2.1.1

Feehi CMS Project Template

License BSD-3-Clausepermissive40 versions8 deps

/ 100

Health

do not use

feehi/cms has critical vulnerabilities — do not use

Health breakdown0 – 100

0/25

maintenance

0/20

popularity

0/25

security

12/15

maturity

3/15

community

Vulnerabilities

1 critical1 high13 medium

Advisories (15)

Severity	ID	Summary	Fixed in
medium	CVE-2022-34140	Feehi CMS Cross-site Scripting	—
medium	CVE-2022-43320	FeehiCMS is vulnerable to Cross-Site Scripting (XSS)	—
medium	CVE-2024-8295	FeehiCMS BannerForm[img] unrestricted upload	—
medium	CVE-2022-38796	Feehi CMS host header injection vulnerability	—
medium	CVE-2026-31353	Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Category module	—
medium	CVE-2026-31350	Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Page Sign parameter	—
medium	CVE-2026-31351	Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module	—
critical	CVE-2021-30108	Server-Side Request Forgery in Feehi CMS	—
medium	CVE-2026-31313	Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module	—
medium	CVE-2026-31352	Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Role Management module	—
high	CVE-2022-34971	Feehi CMS arbitrary code execution via crafted PHP file	—
medium	CVE-2025-65657	FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management	—
medium	CVE-2024-8296	FeehiCMS User[avatar] unrestricted upload	—
medium	CVE-2026-31354	Feehi CMS has authenticated stored cross-site scripting (XSS) vulnerabilities via the Permissions module	—
medium	CVE-2024-8294	FeehiCMS file upload vulnerability	—

Dependencies (8)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/composer/feehi/cms

Last updated · 2020-08-18T00:44:30+00:00