CVE-2021-47911

Description

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests.

PUBLISHED Reserved 2026-02-01 | Published 2026-02-01 | Updated 2026-02-03 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Vulnerability-Lab [Research Team] finder

References

www.vulnerability-lab.com/get_content.php?id=2281 exploit

www.vulnerability-lab.com/get_content.php?id=2281 (Vulnerability Lab Advisory) exploit

jdwebdesigner.com/ (Product Homepage) product

codecanyon.net/...e-pro-affiliate-management-system/12908496 (Product Homepage) product

www.vulncheck.com/...d-cross-site-scripting-via-index-module (VulnCheck Advisory: Affiliate Pro 1.7 Reflected Cross-Site Scripting via Index Module) third-party-advisory

cve.org (CVE-2021-47911)

nvd.nist.gov (CVE-2021-47911)

Download JSON