CVE-2021-47768 MEDIUM

CVE-2021-47768: ImportExportTools NG 10.0.4 - HTML Injection

Vendor Thundernest

Product ImportExportTools NG

Weakness CWE-79 · XSS

Published January 15, 2026

Last update January 15, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data or session credentials.

Key dates

02Disclosure timeline

January 15, 2026 CVE published

January 15, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-47768 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-37472 WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-43790 iTop vulnerable to XSS in friendlyname in object details CVE-2024-8967 PWA — easy way to Progressive Web App <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2024-33693 WordPress Meks Smart Social Widget plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability CVE-2025-3019 Cross-site scripting vulnerabilities in KNIME Business Hub web pages