CVE-2021-3271: Stored cross-site scripting in PressBooks

CVSS Score: 4.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.52949%
Published: 3/29/2021
Updated: 2/1/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Package Name: pressbooks/pressbooks
Ecosystem: composer
Vulnerable Versions: < 5.18.0
First Patched Version: 5.18.0

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stemmed from insufficient input sanitization in book metadata handling. The commit diff shows sanitize_string() was added as a callback for several fields including pb_about_unlimited (Long Description). Prior to 5.18.0, these fields lacked proper HTML filtering. The proof-of-concept demonstrates that raw HTML/JS in Long Description was stored and executed, indicating missing sanitization in the save workflow. The vulnerable functions are those responsible for processing and storing user input in book metadata without adequate XSS protection.

WAF Protection Rules

WAF Rule

Pressbooks *.**.* contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description body, and all actions to open or preview the books page will result in the triggering the stored XSS.
