CNNVD-202602-023 Information
CNNVD ID
CNNVD-202602-023
Related CVE
- CNNVD Published: 2026-02-01
Description (Chinese)
PHPSUGAR PHP Melody是PHPSUGAR公司的一个内容管理系统。 PHPSUGAR PHP Melody 3.0版本存在跨站脚本漏洞,该漏洞源于edit-video.php的submitted参数存在持久性跨站脚本漏洞,可能导致远程攻击者注入恶意脚本代码。
Description (English)
PHPSUGAR PHP Melody is a content management system for PHPSUGAR. Version 3.0 of PHPSUGAR PHP Melody has a cross-site script loophole that originates from the edit-video.php ’ s sub-committee parameter with a persistent cross-site script gap that may lead to the injection of malicious script codes by remote attackers.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
个人开发者
Published
2026-02-01
Last Modified
2026-02-24
References
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ https://www.phpsugar.com/phpmelody.html https://www.vulncheck.com/advisories/php-melody-persistent-xss-vulnerability-via-edit-video-parameter https://www.vulnerability-lab.com/get_content.php?id=2292
Patch
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
Share on: