Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTItNzhocC13NThj
Stored cross-site scripting in PressBooks
PressBooks 5.17.3 contains a cross-site scripting (XSS) vulnerability. Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in triggering the stored XSS.
Permalink: https://github.com/advisories/GHSA-9652-78hp-w58c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTItNzhocC13NThj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 8 months ago
CVSS Score: 4.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-9652-78hp-w58c, CVE-2021-3271
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3271
- https://github.com/pressbooks/pressbooks/pull/2072
- https://github.com/pressbooks/pressbooks/commit/941a8c5eaeacea5eb211b54ee55bc0348139cbd8
- https://github.com/pressbooks/pressbooks
- https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/
- https://github.com/advisories/GHSA-9652-78hp-w58c
Affected Packages
packagist:pressbooks/pressbooks
Versions: < 5.18.0
Fixed in: 5.18.0