CVE-2021-47856
Non-Persistent XSS in Easy Cart Search Enables Session Hijack

Publication date: 2026-02-01

Last updated on: 2026-02-01

Assigner: VulnCheck

Description
Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-02-01
EPSS evaluated: 2026-06-15
Affected Vendors & Products
Vendor: netart_media
Product: easy_cart
Version / Range: 2021
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

CVE-2021-47856 is a non-persistent (reflected) cross-site scripting (XSS) vulnerability in the Easy Cart Shopping Cart PHP script (2021 version). The affected input is the `keyword_search` parameter of the search module, which is read from POST requests to index.php and written back into the search results page without output encoding. No authentication is needed to reach the parameter. Because the request is a POST, an attacker typically hosts a page that auto-submits a crafted search form; when a victim's browser submits it, the injected JavaScript runs in the victim's session on the results page, allowing session hijacking, phishing, redirection to malicious sites, or manipulation of application content. [1]

Impact Analysis

Any user whose browser submits a search containing attacker-supplied input has that script executed in the context of the Easy Cart site. Consequences include session hijacking (takeover of the victim's authenticated session), phishing forms injected into an otherwise trusted page, redirects to malicious sites, and unauthorized changes to the content the application displays, all of which undermine user security and trust in the application. [1]

Detection Guidance

To test for this vulnerability, send a crafted POST request to the Easy Cart search endpoint (index.php) with a marker payload in the `keyword_search` parameter and inspect the raw HTML of the response. For example: curl -s -X POST -d "page=products&proceed_search=1&keyword_search=<script>alert(1)</script>" http://your-target-site/index.php | grep -F "<script>alert(1)</script>". If the payload comes back verbatim, rather than entity-encoded as &lt;script&gt;alert(1)&lt;/script&gt; or not at all, the parameter is reflected without output encoding and the vulnerability is present. Inspect the raw response with grep rather than loading it in a browser, and prefer a harmless marker string over alert() when testing a system in production. [1]
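The probe described above, as an added Python example rather than code from the Easy Cart project or the advisory: it builds the same POST body, optionally sends it, and classifies whether the marker comes back unescaped, entity-encoded, or not at all. The target URL is a placeholder, the parameter names (page, proceed_search, keyword_search) are the ones quoted in the curl command, and the two sample responses are constructed to show what a vulnerable and a patched results page look like.

```python
import html
import urllib.parse
import urllib.request

# Placeholder target; replace with the host under test (assumption, not from the advisory).
TARGET_URL = "http://your-target-site/index.php"
# Marker payload taken from the advisory's curl example.
PAYLOAD = "<script>alert(1)</script>"


def build_probe_body(payload: str = PAYLOAD) -> bytes:
    """Form-encode the POST body the search module expects (parameter names quoted in the advisory)."""
    params = {"page": "products", "proceed_search": "1", "keyword_search": payload}
    return urllib.parse.urlencode(params).encode("ascii")


def classify_reflection(body: str, payload: str = PAYLOAD) -> str:
    """Classify how the payload comes back in the response HTML.

    'unescaped': reflected verbatim, so a browser would execute it (vulnerable).
    'escaped':   only an HTML-entity-encoded copy is present (output encoding in place).
    'absent':    not reflected at all (filtered, blocked, or a different code path).
    """
    if payload in body:
        return "unescaped"
    encoded_forms = {html.escape(payload, quote=False), html.escape(payload, quote=True)}
    if any(form in body for form in encoded_forms):
        return "escaped"
    return "absent"


def probe(url: str = TARGET_URL, payload: str = PAYLOAD, timeout: float = 10.0) -> str:
    """Send the crafted search POST and classify the raw response (network call; not run offline)."""
    request = urllib.request.Request(
        url,
        data=build_probe_body(payload),
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return classify_reflection(response.read().decode("utf-8", errors="replace"), payload)


# Constructed sample responses (not captured from a real install) showing both outcomes.
VULNERABLE_RESPONSE = "<h2>Search results for: <script>alert(1)</script></h2>"
PATCHED_RESPONSE = "<h2>Search results for: &lt;script&gt;alert(1)&lt;/script&gt;</h2>"

if __name__ == "__main__":
    print("vulnerable sample:", classify_reflection(VULNERABLE_RESPONSE))  # unescaped
    print("patched sample:   ", classify_reflection(PATCHED_RESPONSE))     # escaped
    # print("live target:", probe())  # uncomment to test a real host
```

The classifier looks at the raw bytes the server returns, so a WAF that rewrites or blocks the request shows up as "absent" rather than as a false "escaped"; treat "absent" as inconclusive and retry with a marker that carries no angle brackets before concluding the parameter is not reflected.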

Mitigation Strategies

Apply any vendor patch or update that fixes the reflected XSS. If none is available, fix the output: encode `keyword_search` for the HTML context it is written into before echoing it back on the results page (in PHP, htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8') for both text and attribute values), rather than relying on a blacklist of script tags, which attribute-breakout payloads bypass. Setting the HttpOnly flag on the session cookie stops injected script from reading the cookie directly, although script can still act within the victim's session. A Web Application Firewall that blocks POST requests carrying obvious script payloads to the search function is a stopgap, not a fix. Because the injection travels in a POST, victims are drawn in through attacker-hosted pages that auto-submit a search form, so warn users about untrusted pages and forms, not only links, until the fix is deployed. [1]
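To show why output encoding is the fix and tag-stripping is not, here is an added Python illustration (not Easy Cart's code) of the vulnerable reflection pattern beside two candidate fixes: a naive blacklist that strips `<script`, and HTML entity encoding with quotes escaped, the Python counterpart of PHP's htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8'). The page template, payloads and function names are constructed for the example.

```python
import html

# Constructed payloads: one injects a tag into text, the other breaks out of a quoted attribute.
TAG_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'


def render_vulnerable(keyword: str) -> str:
    """Vulnerable pattern: the search keyword is echoed into the page unencoded, in two contexts."""
    return (
        f'<input type="text" name="keyword_search" value="{keyword}">\n'
        f"<h2>Results for: {keyword}</h2>"
    )


def render_blacklist(keyword: str) -> str:
    """Hypothetical 'input validation' that only strips script tags; kept to show it is insufficient."""
    cleaned = keyword.replace("<script", "").replace("</script", "")
    return render_vulnerable(cleaned)


def render_hardened(keyword: str) -> str:
    """Encode at output time. quote=True also escapes ' and \", like PHP htmlspecialchars(..., ENT_QUOTES)."""
    safe = html.escape(keyword, quote=True)
    return (
        f'<input type="text" name="keyword_search" value="{safe}">\n'
        f"<h2>Results for: {safe}</h2>"
    )


def reflects_verbatim(render, payload: str) -> bool:
    """True if the renderer writes the payload back byte-for-byte, i.e. the browser will interpret it as markup."""
    return payload in render(payload)


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("blacklist", render_blacklist),
                         ("hardened", render_hardened)):
        print(f"{name:10} tag payload reflected: {reflects_verbatim(render, TAG_PAYLOAD)}, "
              f"attribute payload reflected: {reflects_verbatim(render, ATTR_PAYLOAD)}")
```

The blacklist defeats the `<script>` marker but passes the attribute-breakout string untouched, because that string contains no tag at all; only the encoded output closes both paths, and it does so without changing what the user searched for.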

Compliance Impact

The vulnerability allows remote attackers to inject malicious scripts that can compromise user sessions and manipulate application content. Such session hijacking and unauthorized manipulation of data could lead to breaches of user privacy and data integrity, potentially impacting compliance with standards like GDPR and HIPAA that require protection of personal data and secure user sessions. However, specific impacts on compliance are not detailed in the provided resources. [1]
