Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.
References
| Link | Resource |
|---|---|
| https://www.bdtask.com/multi-store-ecommerce-shopping-cart-software/ | Product |
| https://www.exploit-db.com/exploits/50490 | Exploit Third Party Advisory |
| https://www.vulnerability-lab.com/get_content.php?id=2284 | Third Party Advisory |
| https://www.exploit-db.com/exploits/50490 | Exploit Third Party Advisory |
| https://www.vulnerability-lab.com/get_content.php?id=2284 | Third Party Advisory |
Configurations
History
26 Jan 2026, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
21 Jan 2026, 22:26
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Bdtask
Bdtask isshue |
|
| References | () https://www.bdtask.com/multi-store-ecommerce-shopping-cart-software/ - Product | |
| References | () https://www.exploit-db.com/exploits/50490 - Exploit, Third Party Advisory | |
| References | () https://www.vulnerability-lab.com/get_content.php?id=2284 - Third Party Advisory | |
| CPE | cpe:2.3:a:bdtask:isshue:3.5:*:*:*:*:*:*:* |
15 Jan 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.exploit-db.com/exploits/50490 - | |
| References | () https://www.vulnerability-lab.com/get_content.php?id=2284 - |
15 Jan 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-15 16:16
Updated : 2026-01-26 16:15
NVD link : CVE-2021-47769
Mitre link : CVE-2021-47769
CVE.ORG link : CVE-2021-47769
JSON object : View
Products Affected
bdtask
- isshue
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')