CVE-2021-47855

HIGH 7.2

Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

0th

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.

CWE	CWE-79
Vendor	litespeed technologies
Product	openlitespeed
Published	Jan 21, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for litespeed technologies openlitespeed

Be the first to know when new high vulnerabilities affecting litespeed technologies openlitespeed are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

LiteSpeed Technologies / OpenLiteSpeed

1.7.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49727 openlitespeed.org: https://openlitespeed.org/ vulncheck.com: https://www.vulncheck.com/advisories/openlitespeed-notes-stored-cross-site-scripting

Credits

cmOs