Medium severity6.4NVD Advisory· Published May 10, 2026· Updated May 12, 2026
CVE-2021-47950
CVE-2021-47950
Description
Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the s_emotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in the s_emotion field, which executes when administrators view the smilies tab.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 2.4.4
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.