This vulnerability involves multiple authenticated stored XSS issues in the Permissions module of Feehi CMS version 2.1.1. Attackers with valid credentials can inject crafted payloads into the Group, Category, or Description parameters, which are stored and later executed in users' browsers, potentially allowing arbitrary script execution. The CVSS 3.1 base score is 5.4 (medium severity) with network attack vector, low attack complexity, privileges required, user interaction required, scope changed, and low impact on confidentiality and integrity. No patch or official remediation information is available at this time.

Successful exploitation allows an authenticated attacker to execute arbitrary web scripts or HTML in the context of other users, potentially leading to limited confidentiality and integrity compromise. There is no impact on system availability. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict authenticated user privileges to trusted users only and consider applying input validation or output encoding workarounds if feasible. Monitor vendor channels for updates.