Ghostwire

CVE-2021-47950: Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration...

MEDIUM CVSS 5.0

Published: May 10, 2026 | Last Modified: May 11, 2026

Description

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the s_emotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in the s_emotion field, which executes when administrators view the smilies tab.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2021-47950
www.tenable.com/cve/CVE-2021-47950