How to fix CVE-2021-47908?

Within 30 days: Identify affected systems running the product name parameter that allows remote attackers to i and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.

CVE-2021-47908

MEDIUM

2026-02-01 [email protected]

XSS

6.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:01 vuln.today

CVE Published

Feb 01, 2026 - 13:15 nvd

MEDIUM 6.4

DescriptionNVD

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user sessions.

AnalysisAI

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. [CVSS 6.4 MEDIUM]

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the product name component of product name parameter. Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user sessions.

Affected ProductsAI

Product: product name parameter. Component: product name.

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2021-47908 vulnerability details – vuln.today

Back