CVE-2021-47855
Stored XSS in OpenLiteSpeed Dashboard Notes Allows Admin Script Injection
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openlitespeed | openlitespeed | 1.7.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47855 is a stored cross-site scripting (XSS) vulnerability in OpenLiteSpeed version 1.7.9. It occurs in the dashboard's Notes parameter, where attackers with access to listener configuration can inject malicious scripts. These scripts are stored and later executed when an administrator clicks on the Default Icon in the dashboard, potentially compromising the administrator's session or system. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary JavaScript in the context of an administrator's browser session. This can lead to session hijacking, credential theft, or other malicious actions that compromise the administrator's account and potentially the system managed through the OpenLiteSpeed dashboard. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the 'Notes' parameter in the OpenLiteSpeed dashboard's Listener configuration contains malicious scripts. One way to detect it is to log in to the OpenLiteSpeed dashboard as an administrator, navigate to Listeners > Summary, then select Actions (View) and Edit, and inspect the 'Notes' field for suspicious JavaScript code such as <script> tags. Additionally, monitoring POST requests to /view/confMgr.php with suspicious payloads in the 'note' parameter can help detect exploitation attempts. There are no specific command-line commands provided, but manual inspection via the dashboard and monitoring web requests are suggested. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding clicking on the Default Icon in the OpenLiteSpeed dashboard until the vulnerability is addressed, restricting administrator access to trusted users only, and reviewing and sanitizing the 'Notes' parameter in Listener configurations to remove any injected scripts. Applying any available patches or updates from OpenLiteSpeed that fix this vulnerability is also recommended. Additionally, performing a graceful restart of the server after cleaning the 'Notes' field can help ensure no malicious scripts remain active. [2, 1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.