Vulnerability Details CVE-2021-47912
PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.5%
CVSS Severity
CVSS v3 Score 6.4
References
- https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
- https://www.phpsugar.com/phpmelody.html
- https://www.vulncheck.com/advisories/php-melody-non-persistent-cross-site-scripting-via-multiple-parameters
- https://www.vulnerability-lab.com/get_content.php?id=2290
- https://www.vulnerability-lab.com/get_content.php?id=2290
Products affected by CVE-2021-47912
-
cpe:2.3:a:phpsugar:php_melody:3.0