Vulnerabilities ›

CVE-2021-47855

High

CWE-79 — Weakness Type

                    Published: Jan 21, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.2

🔗 NVD Official

📄 Description (English)

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.

🤖 AI Executive Summary

OpenLiteSpeed 1.7.9 contains a stored XSS vulnerability in the dashboard Notes parameter that allows authenticated administrators to inject malicious scripts. When an administrator clicks the Default Icon, the injected script executes in their browser context, potentially leading to session hijacking, credential theft, or further administrative compromise. This vulnerability requires administrative access to exploit but poses significant risk to organizations using OpenLiteSpeed for web hosting and content delivery.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 7, 2026 22:39

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations operating OpenLiteSpeed infrastructure—particularly government agencies, financial institutions, and telecommunications providers managing web services—face risk of administrative account compromise. ARAMCO and energy sector entities using OpenLiteSpeed for operational technology dashboards could experience unauthorized access to critical infrastructure management interfaces. Banking sector (SAMA-regulated) and government (NCA-regulated) organizations hosting customer-facing applications on OpenLiteSpeed are at elevated risk of data exfiltration and service disruption. Telecom operators (STC, Mobily) and hosting providers serving Saudi enterprises could be vectors for supply-chain attacks affecting downstream customers.

🏢 Affected Saudi Sectors

Banking & Financial Services Government & Public Administration Energy & Utilities Telecommunications Healthcare E-commerce & Retail Hosting & Cloud Services

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1598 - Phishing: Spearphishing Link (via XSS payload delivery) T1566 - Phishing: Email Attachment (if Notes exported) T1539 - Steal Web Session Cookie (via XSS session hijacking) T1056 - Keylogging (via injected malicious scripts) T1040 - Network Sniffing (credential capture via XSS) T1021 - Remote Services (lateral movement post-compromise)

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all OpenLiteSpeed 1.7.9 instances in your environment using network scanning and asset inventory tools

2. Restrict administrative dashboard access to trusted IP ranges and require VPN for remote administration

3. Implement Web Application Firewall (WAF) rules to detect and block XSS payloads in Notes parameters

4. Review audit logs for suspicious Notes entries containing script tags, event handlers, or encoded payloads

Patching Guidance:

1. Upgrade OpenLiteSpeed to version 1.7.10 or later immediately

2. Test patches in non-production environments before deployment

3. Coordinate patching with change management to minimize service disruption

Compensating Controls (if immediate patching not possible):

1. Disable or restrict access to the Notes parameter in listener configuration

2. Implement input validation and sanitization at the application level

3. Use Content Security Policy (CSP) headers to prevent inline script execution

4. Enforce multi-factor authentication for all administrative accounts

Detection Rules:

1. Monitor for HTTP POST requests to listener configuration endpoints containing script tags, event handlers (onclick, onerror, onload), or JavaScript protocol handlers

2. Alert on Notes parameter values containing: <script>, javascript:, onerror=, onclick=, onload=, &#x, %3C, %3E

3. Log all administrative dashboard access and correlate with subsequent script execution events

4. Implement SIEM rules to detect stored XSS patterns: /listener/*, Notes parameter, base64-encoded payloads

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع مثيلات OpenLiteSpeed 1.7.9 في بيئتك باستخدام أدوات المسح والمخزون

2. تقييد وصول لوحة التحكم الإدارية إلى نطاقات IP موثوقة وتطلب VPN للإدارة عن بعد

3. تنفيذ قواعد جدار حماية تطبيقات الويب (WAF) للكشف عن حقن XSS وحجبها

4. مراجعة سجلات التدقيق للبحث عن إدخالات Notes مريبة تحتوي على علامات البرامج النصية

إرشادات التصحيح:

1. ترقية OpenLiteSpeed إلى الإصدار 1.7.10 أو أحدث فوراً

2. اختبار التصحيحات في بيئات غير الإنتاج قبل النشر

3. تنسيق التصحيح مع إدارة التغيير لتقليل انقطاع الخدمة

الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):

1. تعطيل أو تقييد الوصول إلى معامل Notes في تكوين المستمع

2. تنفيذ التحقق من صحة الإدخال والتطهير على مستوى التطبيق

3. استخدام رؤوس سياسة أمان المحتوى (CSP) لمنع تنفيذ البرامج النصية المضمنة

4. فرض المصادقة متعددة العوامل لجميع الحسابات الإدارية

قواعد الكشف:

1. مراقبة طلبات HTTP POST إلى نقاط نهاية تكوين المستمع التي تحتوي على علامات البرامج النصية

2. التنبيه على قيم معامل Notes التي تحتوي على: <script>، javascript:، onerror=، onclick=

3. تسجيل جميع عمليات الوصول إلى لوحة التحكم الإدارية

4. تنفيذ قواعد SIEM للكشف عن أنماط XSS المخزنة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control: Restrict administrative access to authorized personnel ECC 2024 A.5.2.1 - User Registration and Access Rights: Implement MFA for administrative accounts ECC 2024 A.6.1.2 - Input Validation: Validate and sanitize all user inputs including Notes parameters ECC 2024 A.7.1.1 - Event Logging: Log all administrative dashboard activities and configuration changes ECC 2024 A.8.2.3 - Vulnerability Management: Patch OpenLiteSpeed to latest version

🔵 SAMA CSF

SAMA CSF Governance & Risk Management: Identify and remediate web application vulnerabilities SAMA CSF Information Security: Implement input validation and output encoding controls SAMA CSF Incident Management: Establish detection and response procedures for XSS exploitation SAMA CSF Third-Party Risk: Assess OpenLiteSpeed deployment in critical financial systems

🟡 ISO 27001:2022

ISO 27001:2022 A.5.15 - Access Control: Restrict administrative access and implement MFA ISO 27001:2022 A.5.16 - Identification and Authentication: Enforce strong authentication for admin accounts ISO 27001:2022 A.5.23 - Web Application Security: Implement input validation and output encoding ISO 27001:2022 A.8.1.1 - Vulnerability Management: Maintain patch management program ISO 27001:2022 A.8.2.1 - Configuration Management: Document and control OpenLiteSpeed configurations

🟣 PCI DSS v4.0.1

PCI DSS 6.5.1 - Injection Flaws: Implement input validation to prevent XSS attacks PCI DSS 6.5.7 - Cross-Site Scripting (XSS): Validate and encode all user inputs PCI DSS 6.2 - Security Patches: Maintain current patch levels for all system components PCI DSS 7.1 - Access Control: Restrict access to cardholder data to authorized personnel only

🔗 References & Sources 3

🔗

https://openlitespeed.org/

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/49727

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/openlitespeed-notes-stored-cross-site-scripting

disclosure@vulncheck.com

📊 CVSS Score

7.2

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.2

CWECWE-79

EPSS0.04%

Exploit No

Patch ✓ Yes

Published 2026-01-21

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-79

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2021-47855

💬 Comments

Introduce Yourself

Sign In Required