CVE-2021-47911
Affiliate Pro 1.7 Reflected Cross-Site Scripting via Index Module
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests.
| CWE | CWE-79 |
| Vendor | jdwebdesigner |
| Product | affiliate pro |
| Published | Feb 1, 2026 |
| Last Updated | Mar 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for jdwebdesigner affiliate pro
Be the first to know when new medium vulnerabilities affecting jdwebdesigner affiliate pro are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
jdwebdesigner / Affiliate Pro
1.7
References
vulnerability-lab.com: https://www.vulnerability-lab.com/get_content.php?id=2281 jdwebdesigner.com: https://jdwebdesigner.com/ codecanyon.net: https://codecanyon.net/item/affiliate-pro-affiliate-management-system/12908496 vulncheck.com: https://www.vulncheck.com/advisories/affiliate-pro-reflected-cross-site-scripting-via-index-module
Credits
Vulnerability-Lab [Research Team]