exploitDog

CVE-2021-47769

Опубликовано: 15 янв. 2026

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.

Ссылки

https://www.bdtask.com/multi-store-ecommerce-shopping-cart-software/
Product
https://www.exploit-db.com/exploits/50490
Exploit
Third Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=2284
Third Party Advisory
https://www.exploit-db.com/exploits/50490
Exploit
Third Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=2284
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bdtask:isshue:3.5:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00009

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9ghv-qpxv-wccq

CVSS3: 7.2

github

23 дня назад

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.

EPSS

Процентиль: 1%

0.00009

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79