CVE-2021-47769

MEDIUM

Bdtask Isshue - XSS

Title source: rule

Description

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsmultiple

https://www.exploit-db.com/exploits/50490

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/50490

[Third Party Advisory] https://www.vulnerability-lab.com/get_content.php?id=2284

[Product] https://www.bdtask.com/multi-store-ecommerce-shopping-cart-software/

Scores

CVSS v3 4.8

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

bdtask/isshue 3.5

Published Jan 15, 2026

Tracked Since Feb 18, 2026