CVE-2021-47855
Unknown Unknown - Not Provided
Stored XSS in OpenLiteSpeed Dashboard Notes Allows Admin Script Injection

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47855
EUVD
EUVD-2026-3632
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openlitespeed openlitespeed 1.7.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2021-47855 is a stored cross-site scripting (XSS) vulnerability in OpenLiteSpeed version 1.7.9. It occurs in the dashboard's Notes parameter, where attackers with access to listener configuration can inject malicious scripts. These scripts are stored and later executed when an administrator clicks on the Default Icon in the dashboard, potentially compromising the administrator's session or system. [1, 2]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary JavaScript in the context of an administrator's browser session. This can lead to session hijacking, credential theft, or other malicious actions that compromise the administrator's account and potentially the system managed through the OpenLiteSpeed dashboard. [1, 2]

Detection Guidance

This vulnerability can be detected by checking if the 'Notes' parameter in the OpenLiteSpeed dashboard's Listener configuration contains malicious scripts. One way to detect it is to log in to the OpenLiteSpeed dashboard as an administrator, navigate to Listeners > Summary, then select Actions (View) and Edit, and inspect the 'Notes' field for suspicious JavaScript code such as <script> tags. Additionally, monitoring POST requests to /view/confMgr.php with suspicious payloads in the 'note' parameter can help detect exploitation attempts. There are no specific command-line commands provided, but manual inspection via the dashboard and monitoring web requests are suggested. [2]

Mitigation Strategies

Immediate mitigation steps include avoiding clicking on the Default Icon in the OpenLiteSpeed dashboard until the vulnerability is addressed, restricting administrator access to trusted users only, and reviewing and sanitizing the 'Notes' parameter in Listener configurations to remove any injected scripts. Applying any available patches or updates from OpenLiteSpeed that fix this vulnerability is also recommended. Additionally, performing a graceful restart of the server after cleaning the 'Notes' field can help ensure no malicious scripts remain active. [2, 1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47855. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart