Описание
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-47913
- https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix
- https://www.phpsugar.com/phpmelody.html
- https://www.vulncheck.com/advisories/php-melody-persistent-cross-site-scripting-via-video-editor
- https://www.vulnerability-lab.com/get_content.php?id=2291
Связанные уязвимости
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.