Cross-site Scripting in epubjs

Description

managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.

Recommendation

Update the epubjs package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.3.89
• Patched version(s): 0.3.89

References

• GHSA-c6rp-xvqv-mwmf
• CVE-2021-33040
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• lobe-chat has an Open Redirect - CVE-2025-59426
• Cross-site Scripting in cesium - CVE-2023-48094
• Command Injection in node-rules - Vulnerability
• Remote Memory Disclosure in ws - CVE-2016-10518

Tags:

npm

epubjs