CVE-2021-47911
Reflected XSS in Affiliate Pro 1.7 Index Module Inputs
Publication date: 2026-02-01
Last updated on: 2026-02-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jdwebdesigner | affiliate_pro | 1.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47911 is a reflected cross-site scripting (XSS) vulnerability in Affiliate Pro version 1.7, specifically in the index module's input fields such as fullname, username, and email. Attackers can inject malicious scripts into these input parameters, which are then reflected back in the web page response without proper neutralization. This allows the malicious scripts to execute in the victim's browser, enabling client-side attacks and manipulation of browser requests. [1, 2]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to execution of malicious scripts in users' browsers, which may result in session hijacking, phishing attacks, external redirects to malicious sites, and manipulation of application modules. This compromises user interactions and can lead to unauthorized actions performed on behalf of the user. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the index module of Affiliate Pro 1.7, injecting typical XSS payloads such as <script>alert(1337)</script> into the fullname, username, or email parameters and observing if the script executes or is reflected in the response. For example, you can use curl commands to test the vulnerability: curl -X POST -d "username=<script>alert(1337)</script>&fullname=test&[email protected]" http://targetsite/index. If the response reflects the script without proper sanitization, the vulnerability exists. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include patching or updating Affiliate Pro to a version where this vulnerability is fixed. If a patch is not available, implement input validation and output encoding on the fullname, username, and email parameters to neutralize malicious scripts. Additionally, consider applying web application firewall (WAF) rules to block typical XSS payloads targeting these parameters to reduce risk until a permanent fix is applied. [2]