CVE-2021-3271

PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pressbooks:pressbooks:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:21

Type Values Removed Values Added
References () https://github.com/pressbooks/pressbooks - Third Party Advisory () https://github.com/pressbooks/pressbooks - Third Party Advisory
References () https://github.com/pressbooks/pressbooks/pull/2072 - Exploit, Third Party Advisory () https://github.com/pressbooks/pressbooks/pull/2072 - Exploit, Third Party Advisory
References () https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/ - Exploit, Third Party Advisory () https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/ - Exploit, Third Party Advisory

Information

Published : 2021-02-18 19:15

Updated : 2024-11-21 06:21


NVD link : CVE-2021-3271

Mitre link : CVE-2021-3271

CVE.ORG link : CVE-2021-3271


JSON object : View

Products Affected

pressbooks

  • pressbooks
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')