Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTItNzhocC13NThj
Stored cross-site scripting in PressBooks
PressBooks 5.17.3 contains a cross-site scripting (XSS) vulnerability. Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in triggering the stored XSS.
Permalink: https://github.com/advisories/GHSA-9652-78hp-w58c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTItNzhocC13NThj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 3 years ago
Updated: almost 2 years ago
CVSS Score: 4.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-9652-78hp-w58c, CVE-2021-3271
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3271
- https://github.com/pressbooks/pressbooks/pull/2072
- https://github.com/pressbooks/pressbooks/commit/941a8c5eaeacea5eb211b54ee55bc0348139cbd8
- https://github.com/pressbooks/pressbooks
- https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/
- https://github.com/advisories/GHSA-9652-78hp-w58c
Blast Radius: 2.3
Affected Packages
packagist:pressbooks/pressbooks
Dependent packages: 3
Dependent repositories: 3
Downloads: 37,141 total
Affected Version Ranges: < 5.18.0
Fixed in: 5.18.0
All affected versions: 2.3.4, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0, 3.7.1, 3.8.0, 3.8.1, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.9.8, 3.9.9, 3.9.10, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.4.0, 4.5.0, 4.5.1, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.7.0, 5.7.1, 5.7.2, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.10.0, 5.10.1, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.14.1, 5.14.2, 5.14.3, 5.14.4, 5.14.5, 5.14.6, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.16.0, 5.16.1, 5.16.2, 5.16.3, 5.17.0, 5.17.1, 5.17.2, 5.17.3
All unaffected versions: 5.18.0, 5.18.1, 5.18.2, 5.19.0, 5.19.1, 5.20.0, 5.20.1, 5.21.0, 5.22.0, 5.23.0, 5.24.0, 5.25.0, 5.26.0, 5.27.0, 5.27.1, 5.28.0, 5.29.0, 5.30.0, 5.31.0, 5.31.1, 5.32.0, 5.33.0, 5.33.1, 5.34.0, 5.34.1, 5.35.0, 5.35.1, 5.36.0, 5.36.1, 5.37.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.2.0, 6.2.1, 6.3.0, 6.4.0, 6.5.0, 6.5.1, 6.6.0, 6.7.0, 6.8.0, 6.9.0, 6.9.1, 6.9.2, 6.9.3, 6.10.0, 6.11.0, 6.12.0, 6.13.0, 6.14.0, 6.15.0, 6.15.1, 6.15.2, 6.16.0, 6.17.0, 6.17.1, 6.18.0, 6.18.1, 6.18.2, 6.19.0, 6.19.1, 6.19.2, 6.20.0, 6.20.1, 6.20.2, 6.20.3, 6.20.4, 6.20.5, 6.20.6, 6.21.0, 6.21.1