CVE-2021-47769

EIP tracks 1 public exploit for CVE-2021-47769. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a detailed technical writeup describing a persistent XSS vulnerability in Isshue Shopping Cart v3.5. The vulnerability allows remote attackers with privileged accounts to inject malicious script code via the 'title' parameter in multiple modules, leading to session hijacking or phishing attacks.

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.