CVE-2021-47906

MEDIUM

BloofoxCMS 0.5.2.1 - XSS

Title source: llm

Description

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users' cookies.

Exploits (1)

exploitdb WRITEUP

by LiPeiYi · textwebappsphp

https://www.exploit-db.com/exploits/49492

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49492

[Various Sources] https://www.bloofox.com/

[Various Sources] https://github.com/alexlang24/bloofoxCMS/releases

[Third Party Advisory] https://www.vulncheck.com/advisories/bloofoxcms-text-stored-cross-site-scripting

Scores

CVSS v3 6.4

EPSS 0.0004

EPSS Percentile 13.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Published Jan 23, 2026

Tracked Since Feb 18, 2026