{"id":"CVE-2021-3271","details":"PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.","aliases":["GHSA-9652-78hp-w58c"],"modified":"2026-04-10T04:33:48.157960Z","published":"2021-02-18T19:15:13.273Z","references":[{"type":"ADVISORY","url":"https://github.com/pressbooks/pressbooks"},{"type":"EVIDENCE","url":"https://www.gosecure.net/blog/2021/02/16/cve-2021-3271-pressbooks-stored-cross-site-scripting-proof-of-concept/"},{"type":"EVIDENCE","url":"https://github.com/pressbooks/pressbooks/pull/2072"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pressbooks/pressbooks","events":[{"introduced":"0"},{"last_affected":"d3275b9c903363cf66d1a344d75b2d7069c7f146"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.17.3"}]}}],"versions":["3.9.10","3.9.7.1","3.9.8.1","3.9.8.2","3.9.9","4.0.0","4.1.0","4.2.0","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.4.0","4.5.0","4.5.1","5.0.0","5.0.1","5.1.0","5.1.1","5.10.0","5.10.1","5.11.0","5.12.0","5.13.0","5.14.0","5.14.1","5.14.2","5.14.3","5.14.4","5.14.5","5.14.6","5.15.0","5.15.1","5.15.2","5.15.3","5.16.0","5.16.1","5.16.2","5.16.3","5.17.0","5.17.1","5.17.2","5.17.3","5.2.0","5.2.1","5.3.0","5.3.1","5.3.2","5.4.0","5.4.1","5.4.2","5.5.0","5.6.0","5.6.1","5.6.2","5.6.3","5.6.4","5.6.5","5.7.1","5.7.2","5.8.0","5.8.1","5.8.2","5.8.3","5.9.0","5.9.1","5.9.2","5.9.3","5.9.4","5.9.5","v2.2.0","v2.2.1","v2.3","v2.3.2","v2.3.3","v2.4.3","v2.4.4","v2.4.5","v2.5","v2.5.1","v2.5.2","v2.5.3","v2.5.4","v2.6","v2.6.5","v2.6.6","v2.6.7","v2.7","v2.7.1","v3.1","v3.1.1","v3.1.2","v3.2.0","v3.3.0","v3.3.1","v3.3.2","v3.4.0","v3.5.0","v3.5.1","v3.5.2","v3.6.0","v3.7.0","v3.7.1","v3.8.0","v3.8.1","v3.9.0","v3.9.1","v3.9.2","v3.9.2.1","v3.9.3","v3.9.4","v3.9.4.1","v3.9.4.2","v3.9.5","v3.9.5.1","v3.9.6","v3.9.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3271.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}