CVE-2021-47856 MEDIUM

CVE-2021-47856: Easy Cart Shopping Cart 2021 Cross-Site Scripting via Search Parameter

Vendor Netart Media
Product Easy Cart Shopping Cart
Weakness CWE-79 · XSS
Published February 1, 2026
Last update February 2, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content.

Key dates

02Disclosure timeline

February 1, 2026 CVE published
February 2, 2026 Record updated