Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jNnJwLXh2cXYtbXdtZs0kBA

Cross-site Scripting in epubjs

managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.

Permalink: https://github.com/advisories/GHSA-c6rp-xvqv-mwmf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNnJwLXh2cXYtbXdtZs0kBA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 8 months ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-c6rp-xvqv-mwmf, CVE-2021-33040
References: Repository: https://github.com/futurepress/epub.js
Blast Radius: 17.8

Affected Packages

npm:epubjs
Dependent packages: 50
Dependent repositories: 815
Downloads: 48,925 last month
Affected Version Ranges: < 0.3.89
Fixed in: 0.3.89
All affected versions: 0.2.3, 0.2.5, 0.2.11, 0.2.13, 0.2.14, 0.2.15, 0.2.16, 0.2.17, 0.2.18, 0.2.19, 0.2.20, 0.2.21, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.3.12, 0.3.13, 0.3.14, 0.3.15, 0.3.16, 0.3.17, 0.3.18, 0.3.19, 0.3.20, 0.3.21, 0.3.22, 0.3.23, 0.3.24, 0.3.25, 0.3.26, 0.3.27, 0.3.28, 0.3.29, 0.3.30, 0.3.31, 0.3.32, 0.3.33, 0.3.34, 0.3.35, 0.3.36, 0.3.37, 0.3.38, 0.3.39, 0.3.40, 0.3.41, 0.3.42, 0.3.43, 0.3.44, 0.3.45, 0.3.46, 0.3.47, 0.3.48, 0.3.49, 0.3.50, 0.3.51, 0.3.52, 0.3.53, 0.3.54, 0.3.55, 0.3.56, 0.3.57, 0.3.58, 0.3.59, 0.3.60, 0.3.61, 0.3.62, 0.3.63, 0.3.64, 0.3.65, 0.3.66, 0.3.67, 0.3.68, 0.3.69, 0.3.70, 0.3.71, 0.3.72, 0.3.73, 0.3.74, 0.3.75, 0.3.76, 0.3.77, 0.3.78, 0.3.79, 0.3.80, 0.3.81, 0.3.82, 0.3.83, 0.3.84, 0.3.85, 0.3.86, 0.3.87, 0.3.88
All unaffected versions: 0.3.89, 0.3.90, 0.3.91, 0.3.92, 0.3.93, 0.4.0, 0.4.1, 0.4.2