CVE-2021-47769

Published: Jan 15, 2026Modified: Jan 26, 2026

5.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.

Affected (1)

Products: Bdtask: Isshue

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bdtask Isshue	Version 3.5

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (5)

https://www.bdtask.com/multi-store-ecommerce-shopping-cart-software/

Source: disclosure@vulncheck.com

Product

https://www.exploit-db.com/exploits/50490

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://www.vulnerability-lab.com/get_content.php?id=2284

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.exploit-db.com/exploits/50490

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

https://www.vulnerability-lab.com/get_content.php?id=2284

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Third Party Advisory

Timeline

No history available yet.