CVE-2021-27969
MEDIUMDolphin CMS 7.4.2 - Stored Cross-Site Scripting via Page Builder Width Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-27969. PoCs published by Piyush Patil.
AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Boonex Dolphin 7.4.2 by injecting malicious JavaScript into the 'width' parameter of the Pages Builder feature. The payload executes when the page is loaded, stealing cookies via an alert popup.
Description
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
Exploits (1)
exploitdb
WORKING POC
by Piyush Patil · textwebappsphp
https://www.exploit-db.com/exploits/49670
This exploit demonstrates a stored XSS vulnerability in Boonex Dolphin 7.4.2 by injecting malicious JavaScript into the 'width' parameter of the Pages Builder feature. The payload executes when the page is loaded, stealing cookies via an alert popup.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Boonex Dolphin 7.4.2
Auth required
Prerequisites:
Admin access to the target application · Burp Suite or similar intercepting proxy
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Broken Link x_refsource_misc
https://drive.google.com/file/d/1suqBvuoE-3U2QmWpCOXXV4_5rEu_XGJL/view?usp=sharing
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49670
Scores
CVSS v3
4.8
EPSS
0.0067
EPSS Percentile
47.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
boonex/dolphin
7.4.2
Published
Mar 23, 2021
Tracked Since
Feb 18, 2026