Persistent Cross-Site Scripting in Isshue Shopping Cart by BDTask
CVE-2021-47769

5.1MEDIUM

Key Information:

Vendor: Bdtask
Status: Isshue Shopping Cart
Vendor: CVE Published:; 15 January 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-47769?

Isshue Shopping Cart version 3.5 is vulnerable to a persistent cross-site scripting (XSS) attack due to inadequate validation of user input in title fields across stock, customer, and invoice modules. This vulnerability allows attackers with privileged user accounts to inject harmful scripts. When these scripts are executed during the preview stage, it could lead to session hijacking and enable ongoing phishing attacks, compromising user data and platform integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Isshue Shopping Cart 3.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-47769 - Proof of Concept

References

https://www.exploit-db.com/exploits/50490

exploit

https://www.vulnerability-lab.com/get_content.php?id=2284

technical-descriptionexploit

https://www.bdtask.com/multi-store-ecommerce-shopping-car...

product

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

🟡
Public PoC available
Jan 15, 2026
👾
Exploit known to exist
Jan 15, 2026
Vulnerability published
Jan 15, 2026
Vulnerability Reserved
Jan 14, 2026

Credit

Vulnerability-Lab

JSON

Bdtask