CNNVD-202602-025 Information
CNNVD ID
CNNVD-202602-025
Related CVE
- CNNVD Published: 2026-02-01
Description (Chinese)
PHPSUGAR PHP Melody是PHPSUGAR公司的一个内容管理系统。 PHPSUGAR PHP Melody 3.0版本存在跨站脚本漏洞,该漏洞源于类别、导入和用户导入文件中存在多个非持久性跨站脚本漏洞,可能导致攻击者注入恶意脚本。
Description (English)
PHPSUGAR PHP Melody is a content management system for PHPSUGAR. Version 3.0 of PHPSUGAR PHP Melody has a cross-site script loophole, which stems from multiple non-persistent cross-site script holes in category, import and user-import files, which may result in the offender being injected into a malicious script.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
PHPSUGAR
Published
2026-02-01
Last Modified
2026-02-24
References
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ https://www.phpsugar.com/phpmelody.html https://www.vulncheck.com/advisories/php-melody-non-persistent-cross-site-scripting-via-multiple-parameters https://www.vulnerability-lab.com/get_content.php?id=2290
Patch
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
Share on: