Unrated severityNVD Advisory· Published Feb 1, 2026· Updated Mar 5, 2026
PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter
CVE-2021-47914
Description
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=3.0+ 1 more
- (no CPE)range: =3.0
- (no CPE)range: 3.0
Patches
Vulnerability mechanics
References
4- www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/mitrepatch
- www.vulnerability-lab.com/get_content.phpmitreexploit
- www.vulncheck.com/advisories/php-melody-persistent-xss-vulnerability-via-edit-video-parametermitrethird-party-advisory
- www.phpsugar.com/phpmelody.htmlmitreproduct
News mentions
0No linked articles in our index yet.