CVE-2021-47911

low-risk
Published 2026-02-01

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

References (5)

https://codecanyon.net/item/affiliate-pro-affiliate-management-system/12908496
https://jdwebdesigner.com/
https://www.vulncheck.com/advisories/affiliate-pro-reflected-cross-site-scriptin...
https://www.vulnerability-lab.com/get_content.php?id=2281
https://www.vulnerability-lab.com/get_content.php?id=2281
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal