Primary

Context

Affiliate Pro Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Affiliate Pro version 1.7. This vulnerability exists within the index module, where input fields for fullname, username, and email can be exploited. Attackers can inject malicious scripts through these parameters, leading to client-side attacks and manipulation of browser requests.

Impact

Exploitation of this vulnerability allows for session hijacking, phishing attacks, external redirects to malicious sites, and manipulation of application modules.

Reproduction

To reproduce this vulnerability, send a POST request to the index module with injected script payloads in the fullname, username, and email fields. The injected scripts will be executed in the user's browser, demonstrating the cross-site scripting vulnerability.

Added: Feb 1, 2026, 1:28 PM

Updated: Feb 1, 2026, 1:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.5

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.5

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Affiliate Pro Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating