CVE-2021-47924

Name of the Vulnerable Software and Affected Versions Ultimate Product Catalog version 5.8.2

Description A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts. This is achieved by submitting POST requests to the 'post.php' endpoint using the price parameter to include HTML or JavaScript payloads, which then execute arbitrary code when a product is viewed.

Recommendations As a temporary workaround, restrict or validate the input of the price parameter in the 'post.php' endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.