exploitDog

CVE-2021-33040

Опубликовано: 17 янв. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.

Ссылки

https://github.com/futurepress/epub.js/blob/5c7f21d648d9d20d44c6c365d164b16871847023/src/managers/views/iframe.js#L373
Third Party Advisory
https://github.com/futurepress/epub.js/commit/ab4dd46408cce0324e1c67de4a3ba96b59e5012e
Patch
Third Party Advisory
https://github.com/futurepress/epub.js/compare/v0.3.88...v0.3.89
Release Notes
Third Party Advisory
https://github.com/futurepress/epub.js/blob/5c7f21d648d9d20d44c6c365d164b16871847023/src/managers/views/iframe.js#L373
Third Party Advisory
https://github.com/futurepress/epub.js/commit/ab4dd46408cce0324e1c67de4a3ba96b59e5012e
Patch
Third Party Advisory
https://github.com/futurepress/epub.js/compare/v0.3.88...v0.3.89
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:futurepress:epub.js:*:*:*:*:*:node.js:*:*

Версия до 0.3.89 (исключая)

EPSS

Процентиль: 53%

0.00307

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-c6rp-xvqv-mwmf

CVSS3: 6.1

github

около 4 лет назад

Cross-site Scripting in epubjs

EPSS

Процентиль: 53%

0.00307

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79