CVE-2021-47914

Name of the Vulnerable Software and Affected Versions PHP Melody version 3.0

Description PHP Melody version 3.0 has a persistent cross-site scripting issue in the edit-video.php file’s submitted parameter. This allows attackers to inject malicious script code. Successful exploitation could lead to the execution of arbitrary JavaScript, potentially resulting in session hijacking, persistent phishing, and manipulation of application modules.

Recommendations Update PHP Melody to a newer version that addresses this vulnerability. As a temporary workaround, sanitize all input to the submitted parameter in the edit-video.php file.