Vulnerabilities > Phpsugar > PHP Melody > 1.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-19 | CVE-2017-15648 | Cross-site Scripting vulnerability in PHPsugar PHP Melody In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. | 4.3 |
| 2017-10-18 | CVE-2017-15579 | SQL Injection vulnerability in PHPsugar PHP Melody In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | 7.5 |
| 2017-10-18 | CVE-2017-15578 | SQL Injection vulnerability in PHPsugar PHP Melody In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | 6.0 |