CVE-2021-36572 is a Cross Site Scripting (XSS) vulnerability identified in Feehi CMS versions up to 2.1.1. This vulnerability arises from improper sanitization of user input in the username field on the login page, allowing an attacker to inject and execute arbitrary JavaScript code within the context of the victim's browser session. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. Exploitation does not require prior authentication but does require user interaction, specifically that a victim visits a crafted URL or interacts with malicious content containing the injected script. The CVSS v3.1 base score is 6.1 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C), and low impact on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). The scope change indicates that the vulnerability affects components beyond the initially vulnerable component, potentially impacting the broader application or user session. No known public exploits or patches are currently documented, but the vulnerability is recognized and tracked by MITRE and enriched by CISA. Feehi CMS is a content management system primarily used in certain web hosting environments, and the vulnerability could allow attackers to steal session cookies, perform phishing, or conduct other malicious activities leveraging the victim's browser privileges within the CMS context.

For European organizations using Feehi CMS, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions. Attackers could exploit the XSS flaw to hijack authenticated sessions, steal sensitive information, or perform actions on behalf of legitimate users. This could lead to unauthorized access to internal resources, data leakage, or defacement of websites. Given that Feehi CMS is a web-facing application, exploitation could be conducted remotely without authentication, increasing the attack surface. The medium severity score reflects moderate risk; however, the actual impact depends on the deployment context. Organizations with public-facing Feehi CMS instances, especially those handling sensitive or regulated data, could face reputational damage, compliance violations (e.g., GDPR), and operational disruptions. The lack of known exploits suggests limited active exploitation currently, but the presence of the vulnerability in login functionality increases the risk of targeted phishing or social engineering attacks leveraging the XSS vector.

To mitigate this vulnerability, European organizations should first identify all instances of Feehi CMS in their environment and verify the version in use. Immediate steps include: 1) Applying any available vendor patches or updates; if no official patch exists, consider upgrading to a version beyond 2.1.1 or contacting the vendor for remediation guidance. 2) Implementing web application firewall (WAF) rules specifically designed to detect and block malicious scripts targeting the username input field on the login page. 3) Employing input validation and output encoding on the username field to neutralize potentially malicious input, ideally at both client and server sides. 4) Conducting security awareness training to alert users about the risks of clicking suspicious links, especially those related to login pages. 5) Monitoring web server logs and application behavior for anomalous requests or script injections targeting the login page. 6) Considering Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the CMS web pages. These measures, combined, reduce the likelihood of successful exploitation and limit potential damage.