EIP-2026-110727
PRE-CVEPHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110727. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary This is a working proof-of-concept for a non-persistent XSS vulnerability in PHP Melody v3.0, affecting the 'moved', 'username', and 'keyword' parameters in multiple admin panel files. The exploit demonstrates script injection via crafted GET requests.
Description
PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
Exploits (1)
exploitdb
WORKING POC
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/50486
This is a working proof-of-concept for a non-persistent XSS vulnerability in PHP Melody v3.0, affecting the 'moved', 'username', and 'keyword' parameters in multiple admin panel files. The exploit demonstrates script injection via crafted GET requests.
Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
PHP Melody v3.0
No auth needed
Prerequisites:
Access to the admin panel URLs
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026