PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
References
Link | Resource |
---|---|
https://github.com/pressbooks/pressbooks | Third Party Advisory |
https://github.com/pressbooks/pressbooks/pull/2072 | Exploit Third Party Advisory |
https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/ | Exploit Third Party Advisory |
https://github.com/pressbooks/pressbooks | Third Party Advisory |
https://github.com/pressbooks/pressbooks/pull/2072 | Exploit Third Party Advisory |
https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 06:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/pressbooks/pressbooks - Third Party Advisory | |
References | () https://github.com/pressbooks/pressbooks/pull/2072 - Exploit, Third Party Advisory | |
References | () https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/ - Exploit, Third Party Advisory |
Information
Published : 2021-02-18 19:15
Updated : 2024-11-21 06:21
NVD link : CVE-2021-3271
Mitre link : CVE-2021-3271
CVE.ORG link : CVE-2021-3271
JSON object : View
Products Affected
pressbooks
- pressbooks
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')