Search

Find a vulnerability

Search criteria

    2 vulnerabilities by pressbooks

    CVE-2021-3271 (GCVE-0-2021-3271)

    Vulnerability from nvd – Published: 2021-01-22 17:08 – Updated: 2024-08-03 16:53
    VLAI
    Summary
    PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:16.443Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pressbooks/pressbooks/pull/2072"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pressbooks/pressbooks"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info\u0027s Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-18T18:55:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pressbooks/pressbooks/pull/2072"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pressbooks/pressbooks"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3271",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info\u0027s Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/pressbooks/pressbooks/pull/2072",
                  "refsource": "MISC",
                  "url": "https://github.com/pressbooks/pressbooks/pull/2072"
                },
                {
                  "name": "https://github.com/pressbooks/pressbooks",
                  "refsource": "MISC",
                  "url": "https://github.com/pressbooks/pressbooks"
                },
                {
                  "name": "https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/",
                  "refsource": "MISC",
                  "url": "https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3271",
        "datePublished": "2021-01-22T17:08:20.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:53:16.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3271 (GCVE-0-2021-3271)

    Vulnerability from cvelistv5 – Published: 2021-01-22 17:08 – Updated: 2024-08-03 16:53
    VLAI
    Summary
    PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:16.443Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pressbooks/pressbooks/pull/2072"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pressbooks/pressbooks"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info\u0027s Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-18T18:55:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pressbooks/pressbooks/pull/2072"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pressbooks/pressbooks"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3271",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info\u0027s Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/pressbooks/pressbooks/pull/2072",
                  "refsource": "MISC",
                  "url": "https://github.com/pressbooks/pressbooks/pull/2072"
                },
                {
                  "name": "https://github.com/pressbooks/pressbooks",
                  "refsource": "MISC",
                  "url": "https://github.com/pressbooks/pressbooks"
                },
                {
                  "name": "https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/",
                  "refsource": "MISC",
                  "url": "https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3271",
        "datePublished": "2021-01-22T17:08:20.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:53:16.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }