CVE-2021-47843 MEDIUM

CVE-2021-47843: Tagstoo 2.0.1 - Stored XSS to RCE

Vendor Tagstoo
Product Tagstoo
Weakness CWE-79 · XSS
Published January 15, 2026
Last update March 5, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer.

Key dates

02Disclosure timeline

January 15, 2026 CVE published
March 5, 2026 Record updated