CVE-2021-47835
HIGHFreeter 1.2.1 - XSS
Title source: llmDescription
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution.
Exploits (1)
exploitdb
WORKING POC
by TaurusOmar · javascriptwebappsmultiple
https://www.exploit-db.com/exploits/49833
Scores
CVSS v3
7.2
EPSS
0.0004
EPSS Percentile
11.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Published
Jan 16, 2026
Tracked Since
Feb 18, 2026