CVE-2021-47856 | THREATINT

Description

Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content.

PUBLISHED Reserved 2026-01-14 | Published 2026-02-01 | Updated 2026-02-02 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

MEDIUM: 6.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

unaffected

2021

affected

Credits

Vulnerability-Lab [Research Team] finder

References

www.vulnerability-lab.com/get_content.php?id=2298 (Vulnerability Lab Advisory) exploit

www.netartmedia.net/easy-cart (Product Homepage) product

www.vulncheck.com/...oss-site-scripting-via-search-parameter (VulnCheck Advisory: Easy Cart Shopping Cart 2021 Cross-Site Scripting via Search Parameter) third-party-advisory

cve.org (CVE-2021-47856)

nvd.nist.gov (CVE-2021-47856)

Download JSON