Vulnerability Details CVE-2021-47913
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.5%
CVSS Severity
CVSS v3 Score 6.4
References
- https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
- https://www.phpsugar.com/phpmelody.html
- https://www.vulncheck.com/advisories/php-melody-persistent-cross-site-scripting-via-video-editor
- https://www.vulnerability-lab.com/get_content.php?id=2291
- https://www.vulnerability-lab.com/get_content.php?id=2291
Products affected by CVE-2021-47913
-
cpe:2.3:a:phpsugar:php_melody:3.0