Lucene search
K
PhpsugarPhp Melody3.0

4 matches found

CVE
CVE
added 2026/02/01 12:15 p.m.15 views

CVE-2021-47913

CVE-2021-47913 affects PHP Melody 3.0. A persistent cross-site scripting vulnerability exists in the video editor’s WYSIWYG—privileged users can inject malicious scripts, potentially enabling session hijacking and application manipulation. The connected sources describe the flaw consistently but ...

6.4CVSS5.9AI score0.00217EPSS
CVE
CVE
added 2026/02/01 12:15 p.m.12 views

CVE-2021-47914

PHP Melody 3.0 is affected by a persistent cross-site scripting (XSS) vulnerability in the edit-video.php submitted parameter. The root cause is a flaw in handling the parameter, allowing an attacker to inject malicious script code that can be executed in a victim’s browser. Reported impacts incl...

6.4CVSS6AI score0.00303EPSS
CVE
CVE
added 2026/02/01 12:15 p.m.11 views

CVE-2021-47912

PHP Melody 3.0 is affected by multiple non-persistent cross-site scripting (XSS) vulnerabilities in the categories, import, and user import components. The root cause is unvalidated/unfiltered parameters leading to client-side script execution and potential hijacking of user sessions. CVSS detail...

6.4CVSS5.9AI score0.00217EPSS
CVE
CVE
added 2026/02/01 12:15 p.m.11 views

CVE-2021-47915

Summary: CVE-2021-47915 affects PHP Melody 3.0, where the video edit module accepts an unvalidated vid parameter, enabling authenticated users to perform a remote SQL injection. This can lead to arbitrary database queries and potential compromise of the web app and its database management system....

8.8CVSS6.2AI score0.00527EPSS