CVE-2021-47885 in PayPal PRO Payment Terminal

Summary

by MITRE • 02/01/2026

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or phishing attacks.


Analysis

by VulDB Data Team • 02/03/2026

The vulnerability identified as CVE-2021-47885 represents a critical cross-site scripting flaw affecting multiple payment terminal versions that process billing and payment information. This issue stems from inadequate input validation within the web interfaces of these terminal systems, creating opportunities for malicious actors to inject malicious script code into input fields designed for payment data entry. The vulnerability manifests specifically in the handling of user-supplied data within billing and payment information input fields, where proper sanitization mechanisms are either absent or insufficient to prevent script injection attacks.

The technical nature of this flaw aligns with CWE-79, which categorizes cross-site scripting vulnerabilities as weaknesses in web applications that allow attackers to inject client-side scripts into web pages viewed by other users. The non-persistent characteristic of this vulnerability means that the malicious scripts are executed in the victim's browser without being stored on the server, making the attack vector particularly dangerous for payment terminals that handle sensitive financial data. The vulnerability exists because the payment terminal software fails to properly validate and sanitize user input before rendering it in the web interface, creating a pathway for attackers to manipulate client-side requests through crafted malicious payloads.

The operational impact of CVE-2021-47885 extends beyond simple data manipulation, as it provides attackers with the capability to execute session hijacking attacks and conduct phishing operations against unsuspecting users. When malicious scripts are injected into payment terminal interfaces, attackers can potentially capture session cookies, redirect users to fraudulent sites, or steal sensitive payment information during transaction processing. This vulnerability directly threatens the integrity of payment processing systems and compromises the trust relationship between users and payment terminal operators. The attack surface is particularly concerning given that payment terminals often process sensitive financial data, making successful exploitation potentially devastating for both end users and organizations.

The threat landscape for this vulnerability aligns with ATT&CK technique T1531, which covers "Run-time Application Masking" through the use of cross-site scripting to manipulate application behavior. Security professionals should consider this vulnerability as part of a broader attack chain that could lead to financial fraud, data breaches, and compromise of payment processing infrastructure. Organizations utilizing affected payment terminal versions should prioritize immediate remediation through software updates, input validation improvements, and comprehensive security testing of web interfaces. Additional mitigations include implementing content security policies, deploying web application firewalls, and conducting regular security assessments of payment processing systems to prevent exploitation of similar vulnerabilities in the future.

Responsible

VulnCheck

Reservation

01/18/2026

Disclosure

02/01/2026

Moderation

accepted

CPE

ready

EPSS

0.00018

KEV

no

Activities

very low

Sources
