Описание
Stored cross-site scripting in PressBooks
PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-3271
- https://github.com/pressbooks/pressbooks/pull/2072
- https://github.com/pressbooks/pressbooks/commit/941a8c5eaeacea5eb211b54ee55bc0348139cbd8
- https://github.com/pressbooks/pressbooks
- https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept
Пакеты
Наименование
pressbooks/pressbooks
composer
Затронутые версииВерсия исправления
< 5.18.0
5.18.0
Связанные уязвимости
CVSS3: 4.8
nvd
почти 5 лет назад
PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.