This vulnerability involves a stored XSS flaw in Feehi CMS v2.1.1's Category module. Authenticated users can inject crafted payloads into the Name parameter, which are stored and later executed when viewed by other users. The CVSS vector indicates network attack vector, low attack complexity, requiring privileges and user interaction, with partial impact on confidentiality and integrity but no impact on availability. No official patch or remediation level has been published, and no known exploits have been reported.

Successful exploitation could allow an authenticated attacker to execute arbitrary web scripts or HTML in the context of other users, potentially leading to partial disclosure or modification of information. There is no indication of availability impact. The medium CVSS score reflects moderate risk due to the need for authentication and user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, limit user privileges to trusted users only and monitor for suspicious activity related to the Category module inputs. Avoid exposing the vulnerable parameter to untrusted users.