PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions.
References
| Link | Resource |
|---|---|
| https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ | Vendor Advisory |
| https://www.phpsugar.com/phpmelody.html | Product |
| https://www.vulncheck.com/advisories/php-melody-non-persistent-cross-site-scripting-via-multiple-parameters | Third Party Advisory |
| https://www.vulnerability-lab.com/get_content.php?id=2290 | Exploit, Third Party Advisory |
History
12 Feb 2026, 16:20
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ - Vendor Advisory | |
| References | () https://www.phpsugar.com/phpmelody.html - Product | |
| References | () https://www.vulncheck.com/advisories/php-melody-non-persistent-cross-site-scripting-via-multiple-parameters - Third Party Advisory | |
| References | () https://www.vulnerability-lab.com/get_content.php?id=2290 - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:phpsugar:php_melody:3.0:*:*:*:*:*:*:* | |
| First Time | Phpsugar; Phpsugar php Melody |
03 Feb 2026, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.vulnerability-lab.com/get_content.php?id=2290 - |
01 Feb 2026, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-01 13:15
Updated : 2026-02-12 16:20
NVD link : CVE-2021-47912
Mitre link : CVE-2021-47912
CVE.ORG link : CVE-2021-47912
Products Affected
phpsugar
- php_melody
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
