Vulnerability Description
PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pressbooks | Pressbooks | <= 5.17.3 |
Related Weaknesses (CWE)
References
- https://github.com/pressbooks/pressbooksThird Party Advisory
- https://github.com/pressbooks/pressbooks/pull/2072ExploitThird Party Advisory
- https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-sExploitThird Party Advisory
- https://github.com/pressbooks/pressbooksThird Party Advisory
- https://github.com/pressbooks/pressbooks/pull/2072ExploitThird Party Advisory
- https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-sExploitThird Party Advisory
FAQ
What is CVE-2021-3271?
CVE-2021-3271 is a vulnerability with a CVSS score of 4.8 (MEDIUM). PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the tri...
How severe is CVE-2021-3271?
CVE-2021-3271 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3271?
Check the references section above for vendor advisories and patch information. Affected products include: Pressbooks Pressbooks.