CVE-2021-47835 | THREATINT

Description

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-16 | Updated 2026-01-16 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

1.2.1

affected

Credits

TaurusOmar finder

References

www.vulncheck.com/...freeter-persistent-cross-site-scripting exploit

www.exploit-db.com/exploits/49833 (ExploitDB-49833) exploit

freeter.io/ (Official Freeter Product Homepage) product

imgur.com/a/iBuKWm4 (Proof of Concept Video) exploit

www.vulncheck.com/...freeter-persistent-cross-site-scripting (VulnCheck Advisory: Freeter 1.2.1 - Persistent Cross-Site Scripting) third-party-advisory

cve.org (CVE-2021-47835)

nvd.nist.gov (CVE-2021-47835)

Download JSON