96 matches found
CVE-2021-47915
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47913
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...
CVE-2021-47913
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...
CVE-2021-47915
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47914
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...
CVE-2021-47915 PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47915 PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
EUVD-2021-34756
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47915
Summary: CVE-2021-47915 affects PHP Melody 3.0, where the video edit module accepts an unvalidated vid parameter, enabling authenticated users to perform a remote SQL injection. This can lead to arbitrary database queries and potential compromise of the web app and its database management system....
CVE-2021-47915
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47913
CVE-2021-47913 affects PHP Melody 3.0. A persistent cross-site scripting vulnerability exists in the video editor’s WYSIWYG—privileged users can inject malicious scripts, potentially enabling session hijacking and application manipulation. The connected sources describe the flaw consistently but ...
CVE-2021-47914
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...
CVE-2021-47913 PHP Melody 3.0 Persistent Cross-Site Scripting via Video Editor
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...
CVE-2021-47913 PHP Melody 3.0 Persistent Cross-Site Scripting via Video Editor
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...
CVE-2021-47914
PHP Melody 3.0 is affected by a persistent cross-site scripting (XSS) vulnerability in the edit-video.php submitted parameter. The root cause is a flaw in handling the parameter, allowing an attacker to inject malicious script code that can be executed in a victim’s browser. Reported impacts incl...
EUVD-2021-34757
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...
CVE-2021-47914 PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...
CVE-2021-47912
PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...
CVE-2021-47912 PHP Melody 3.0 Non-Persistent Cross-Site Scripting via Multiple Parameters
PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...
CVE-2021-47912
PHP Melody 3.0 is affected by multiple non-persistent cross-site scripting (XSS) vulnerabilities in the categories, import, and user import components. The root cause is unvalidated/unfiltered parameters leading to client-side script execution and potential hijacking of user sessions. CVSS detail...