PT-2021-19875 · Unknown · Pressbooks

Arzola · Published 2021-01-22 · Updated 2021-03-29 · CVE-2021-3271

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PressBooks version 5.17.3

Description

The issue is a cross-site scripting (XSS) flaw, specifically a stored XSS. The malicious script can be submitted via the Book Info's Long Description Body. Any action that opens or previews the book's page triggers the stored XSS.

Recommendations

For PressBooks version 5.17.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix. As a temporary workaround, consider restricting access to the Book Info's Long Description Body to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-3271
GHSA-9652-78HP-W58C

Affected Products

Pressbooks