CVE-2021-47911

Name of the Vulnerable Software and Affected Versions Affiliate Pro version 1.7

Description The software contains multiple reflected cross-site scripting issues within the index module’s input fields. An attacker can inject malicious scripts through the fullname, username, and email parameters. This allows for the execution of client-side attacks and manipulation of browser requests.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the fullname, username, and email parameters within the index module to prevent script injection.