CVE-2021-33040: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
managers/views/iframe.js in FuturePress EPub.js allows XSS.
References
- github.com/advisories/GHSA-c6rp-xvqv-mwmf
- github.com/futurepress/epub.js/blob/5c7f21d648d9d20d44c6c365d164b16871847023/src/managers/views/iframe.js
- github.com/futurepress/epub.js/commit/ab4dd46408cce0324e1c67de4a3ba96b59e5012e
- github.com/futurepress/epub.js/compare/v0.3.88...v0.3.89
- nvd.nist.gov/vuln/detail/CVE-2021-33040
Detect and mitigate CVE-2021-33040 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →