Detections
Analytics

CVE-2021-47913

medium

Description

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.

References

https://www.vulncheck.com/advisories/php-melody-persistent-cross-site-scripting-via-video-editor

https://www.phpsugar.com/phpmelody.html

https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/

Details

Source: Mitre, NVD

Published: 2026-02-01

Updated: 2026-02-11

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Severity: Medium

EPSS

EPSS: 0.0003