CVE-2021-47912

Опубликовано: 01 фев. 2026

Источник: nvd

CVSS3: 6.4

CVSS3: 5.4

EPSS Низкий

Описание

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions.

Ссылки

https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
Vendor Advisory
https://www.phpsugar.com/phpmelody.html
Product
https://www.vulncheck.com/advisories/php-melody-non-persistent-cross-site-scripting-via-multiple-parameters
Third Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=2290
Exploit
Third Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=2290
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpsugar:php_melody:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00217

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-f7c7-p5x7-c759

CVSS3: 6.4

github

5 месяцев назад

EPSS

Процентиль: 12%

0.00217

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79