CNNVD-202602-022 Information
CNNVD ID
CNNVD-202602-022
Related CVE
- CNNVD Published: 2026-02-01
Description (Chinese)
PHPSUGAR PHP Melody是PHPSUGAR公司的一个内容管理系统。 PHPSUGAR PHP Melody 3.0版本存在跨站脚本漏洞,该漏洞源于视频编辑器存在持久性跨站脚本漏洞,可能导致特权用户注入恶意脚本。
Description (English)
PHPSUGAR PHP Melody is a content management system for PHPSUGAR. Version 3.0 of PHPSUGAR PHP Melody has a cross-site script loophole, which stems from the presence of a persistent cross-site script loophole in the video editor, which may result in the injection of malicious scripts by privileged users.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
PHPSUGAR
Published
2026-02-01
Last Modified
2026-02-24
References
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ https://www.phpsugar.com/phpmelody.html https://www.vulncheck.com/advisories/php-melody-persistent-cross-site-scripting-via-video-editor https://www.vulnerability-lab.com/get_content.php?id=2291
Patch
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
Share on: