This vulnerability involves stored XSS in Feehi CMS v2.1.1's Role Management module, where an authenticated attacker can inject arbitrary web scripts or HTML through the Role Name parameter. The CVSS vector indicates network attack vector, low attack complexity, privileges required, user interaction required, and impacts on confidentiality and integrity but not availability. No patch or official fix has been documented, and no exploits are currently known.

Successful exploitation could allow an attacker with authenticated access to execute arbitrary scripts in the context of the victim's browser, potentially leading to data disclosure or integrity issues within the application. The impact is limited to confidentiality and integrity with no availability impact. Since exploitation requires authentication and user interaction, the risk is moderated.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the Role Management module to trusted users only and monitor for suspicious activity related to role name inputs. Avoid using untrusted input in role names and consider implementing additional input validation or output encoding as a temporary mitigation.