PatchSiren

PatchSiren cyber security CVE debrief

CVE-2021-47950 Ampps CVE debrief

CVE-2021-47950 is a persistent (stored) cross-site scripting issue reported in the smilies administration interface of Advanced Guestbook 2.4.4. An authenticated attacker can submit crafted POST data to admin.php via the s_emotion parameter so that JavaScript is stored and later executes when an administrator opens the smilies tab. Because the payload runs in an administrative browser context, the issue can affect privileged sessions and actions even though the CVSS score is in the medium range.

Vendor: Ampps
Product: Unknown
CVSS: MEDIUM 5.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-10
Original CVE updated: 2026-05-10
Advisory published: 2026-05-10
Advisory updated: 2026-05-10

Who should care

Administrators and maintainers of Advanced Guestbook 2.4.4, especially teams that expose the admin interface or allow multiple users to manage smilies and other site content.

Technical summary

The supplied source description identifies a persistent CWE-79 XSS in the smilies admin workflow. The NVD record indicates a network attack vector with low privileges and user interaction required (the CVSS 4.0 vector includes PR:L and UI:P). The malicious input is carried in s_emotion, stored by admin.php without adequate validation or output encoding, and rendered when the smilies tab is viewed, which allows script execution in the administrator's browser.

Defensive priority

Medium priority. Raise priority if the admin interface is reachable over the internet, used by multiple administrators, or relied on for routine operations, because the vulnerable path targets a privileged browser session.

Recommended defensive actions

  • Restrict access to the Advanced Guestbook admin panel to trusted networks and named administrators.
  • Treat the smilies administration interface as untrusted input handling; validate s_emotion and related fields before storage and HTML-encode them when the smilies tab is rendered.
  • Review whether a fixed version, vendor update, or replacement is available for Advanced Guestbook 2.4.4.
  • Clear or revalidate smilies entries if you suspect the application has been tampered with.
  • Monitor administrative activity for unexpected content changes or unusual browser-side behavior.
  • If the product is no longer maintained, plan migration away from the affected deployment.
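The second and fourth actions above, worked as an added example that is not code from Advanced Guestbook or from this advisory: an allow-list check for the emotion field before storage, output encoding when the smilies tab is rendered, and a revalidation pass over stored entries that flags rows carrying markup. The column layout, the sample rows and the stored payload are constructed for the example.

```python
import html
import re

# Constructed sample of stored smilies entries, in the shape of a database
# export: (smiley code, emotion label). The third row is a constructed stand-in
# for a tampered s_emotion value.
SAMPLE_SMILIES = [
    (":)", "smile"),
    (":(", "sad"),
    (":x", "<script>alert('x')</script>"),
]

# An emotion label is a short plain-text word; anything else is rejected on input.
ALLOWED_EMOTION = re.compile(r"[A-Za-z0-9 _-]{1,40}")
# Markers that should never appear in a stored label (used by the revalidation pass).
MARKUP = re.compile(r"<|>|javascript:|on\w+\s*=", re.IGNORECASE)


def is_valid_emotion(value: str) -> bool:
    """Allow-list check to apply to s_emotion before admin.php stores it."""
    return ALLOWED_EMOTION.fullmatch(value) is not None


def render_smilies_row_unsafe(code: str, emotion: str) -> str:
    """The vulnerable pattern: stored values are echoed into the page verbatim."""
    return f"<tr><td>{code}</td><td>{emotion}</td></tr>"


def render_smilies_row(code: str, emotion: str) -> str:
    """Hardened rendering: HTML-encode every stored field at output time."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(code, quote=True), html.escape(emotion, quote=True)
    )


def find_suspicious_smilies(entries):
    """Revalidation pass over stored rows; returns codes whose label looks tampered."""
    return [
        code
        for code, emotion in entries
        if not is_valid_emotion(emotion) or MARKUP.search(emotion)
    ]


if __name__ == "__main__":
    for code, emotion in SAMPLE_SMILIES:
        print(render_smilies_row(code, emotion))
    print("suspicious:", find_suspicious_smilies(SAMPLE_SMILIES))
```

Run the revalidation function against a real export of the smilies table when tampering is suspected; the encoding shown in render_smilies_row is the property the fixed template must have, whatever language it is written in.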

Evidence notes

The core evidence comes from the supplied CVE description and the NVD record. The description states that authenticated attackers can inject malicious scripts through s_emotion in admin.php and that execution occurs when administrators view the smilies tab. The NVD metadata lists CWE-79 and a CVSS 4.0 vector that includes low privileges and required user interaction. The corpus also provides public reference URLs for the vendor/product page, Exploit-DB entry 49875, and a VulnCheck advisory; none of these were independently verified for this debrief.

Official resources

The supplied CVE and NVD timestamps are 2026-05-10T13:16:31.587Z. The NVD source item is marked Received. No KEV listing is provided in the corpus.