QSearchQSearch

CVE-2021-3271

4.8 MEDIUM

PressBooks 5.17.3 contains a cross-site scripting (XSS)

Published: 2021-02-18 · Last updated: 2026-06-17

Severity and scoring

CVSS
4.8 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CWE
CWE-79

Affected products

VendorProduct
pressbookspressbooks

Description

PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-12425 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
  • CVE-2024-30476 PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
  • CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions (7.1 HIGH)
  • CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
  • CVE-2026-39437 Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)