CVE-2021-47769

Name of the Vulnerable Software and Affected Versions Isshue Shopping Cart version 3.5

Description The software contains a persistent cross-site scripting issue in title input fields within the stock, customer, and invoice modules. An attacker with elevated privileges can inject malicious scripts that execute upon preview, potentially leading to session hijacking and persistent phishing attacks. The vulnerability affects the title input fields.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing all user-supplied input for the title fields in the stock, customer, and invoice modules. Restrict access to the affected modules to minimize the risk of exploitation.