6.4
CVE-2021-47914
- EPSS 0.3%
- Veröffentlicht 01.02.2026 12:15:48
- Zuletzt bearbeitet 11.02.2026 19:29:24
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpsugar ≫ Php Melody Version3.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.217 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| disclosure@vulncheck.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| disclosure@vulncheck.com | 6.4 | 3.1 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
https://www.phpsugar.com/phpmelody.html
https://www.vulnerability-lab.com/get_content.php?id=2292
https://www.vulncheck.com/advisories/php-melody-persistent-xss-vulnerability-via-edit-video-parameter