CVE-2021-47769 MEDIUM

CVE-2021-47769: Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)

Vendor Bdtask

Product Isshue Shopping Cart

Weakness CWE-79 · XSS

Published January 15, 2026

Last update January 26, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.

Key dates

02Disclosure timeline

January 15, 2026 CVE published

January 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-47769

Related vulnerabilities

04Related CVE

CVE-2024-11462 Filestack Official <= 2.1.0 - Reflected Cross-Site Scripting CVE-2020-3121 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability CVE-2025-53865 CVE-2023-50828 WordPress Ultimate Dashboard Plugin <= 3.7.11 is vulnerable to Cross Site Scripting (XSS) CVE-2021-36885 WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability