Stored Cross-Site Scripting in OpenLiteSpeed Dashboard by LiteSpeed Technologies
CVE-2021-47855

5.1MEDIUM

Key Information:

Vendor

Litespeed Technologies

Status
Openlitespeed
Vendor
CVE Published:
21 January 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2021-47855?

OpenLiteSpeed version 1.7.9 contains a vulnerability in the dashboard's Notes parameter that enables stored cross-site scripting (XSS) attacks. This weakness allows attackers to inject malicious scripts through the Notes field during listener configuration. When an administrator interacts with the Default Icon, the injected scripts can be executed, potentially compromising the security of the application and its data.

Affected Version(s)

OpenLiteSpeed 1.7.9

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-47855 - Proof of Concept

References

https://www.exploit-db.com/exploits/49727
exploit
https://openlitespeed.org/
product
https://www.vulncheck.com/advisories/openlitespeed-notes-...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

cmOs
JSON
.