Vulnerability Database
Blog
FAQ
Docs
CVE-2021-33040
See a problem?
Please try reporting it
to the source
first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-33040
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33040.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-33040
Aliases
GHSA-c6rp-xvqv-mwmf
Published
2022-01-17T17:15:07Z
Modified
2025-01-15T01:54:55.403222Z
Severity
6.1 (Medium)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS Calculator
Summary
[none]
Details
managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.
References
https://github.com/futurepress/epub.js/commit/ab4dd46408cce0324e1c67de4a3ba96b59e5012e
https://github.com/futurepress/epub.js/blob/5c7f21d648d9d20d44c6c365d164b16871847023/src/managers/views/iframe.js#L373
https://github.com/futurepress/epub.js/compare/v0.3.88...v0.3.89
Affected packages
Git
/
github.com/futurepress/epub.js
Affected ranges
Type
GIT
Repo
https://github.com/futurepress/epub.js
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Fixed
ab4dd46408cce0324e1c67de4a3ba96b59e5012e
Fixed
ab4dd46408cce0324e1c67de4a3ba96b59e5012e
Affected versions
0.*
0.1.10
0.1.8
0.2.4
0.2.5
0.2.7
0.2.8
0.2.8.1
0.2.9
alpha-0.*
alpha-0.3.1
v0.*
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.2.0
v0.2.0.1
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.15
v0.2.17
v0.2.18
v0.2.19
v0.2.2
v0.2.3
v0.3.66
v0.3.73
v0.3.88
CVE-2021-33040 - OSV