4 matches found
CVE-2021-47913
CVE-2021-47913 affects PHP Melody 3.0. A persistent cross-site scripting vulnerability exists in the video editor’s WYSIWYG—privileged users can inject malicious scripts, potentially enabling session hijacking and application manipulation. The connected sources describe the flaw consistently but ...
CVE-2021-47914
PHP Melody 3.0 is affected by a persistent cross-site scripting (XSS) vulnerability in the edit-video.php submitted parameter. The root cause is a flaw in handling the parameter, allowing an attacker to inject malicious script code that can be executed in a victim’s browser. Reported impacts incl...
CVE-2021-47912
PHP Melody 3.0 is affected by multiple non-persistent cross-site scripting (XSS) vulnerabilities in the categories, import, and user import components. The root cause is unvalidated/unfiltered parameters leading to client-side script execution and potential hijacking of user sessions. CVSS detail...
CVE-2021-47915
Summary: CVE-2021-47915 affects PHP Melody 3.0, where the video edit module accepts an unvalidated vid parameter, enabling authenticated users to perform a remote SQL injection. This can lead to arbitrary database queries and potential compromise of the web app and its database management system....