EPSS: 0.001 (Low), Percentile: 30.8%
epubjs is vulnerable to cross-site scripting. The library does not properly sanitize the ePub content due to the insecure use of the allowScriptedContent option, which allows sandbox content to run malicious scripts.
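An added check for applications that embed the reader (not code from epub.js itself): it flags the `allowScriptedContent` option and audits the `sandbox` attribute seen on the content iframe. The function names and sample values are constructed, and the mapping of the option to the `allow-scripts` sandbox token is an assumption.

```javascript
// Added example, not project code. Assumption: enabling allowScriptedContent
// results in the "allow-scripts" token on the content iframe's sandbox.

// Split a sandbox attribute value into a set of lowercase tokens.
function sandboxTokens(value) {
  return new Set(String(value).toLowerCase().split(/\s+/).filter(Boolean));
}

// Audit one reader setup: the options object passed to the renderer and the
// sandbox attribute observed on the iframe (null/undefined = attribute absent).
function auditReader(options, sandboxAttr) {
  const findings = [];
  if (options && options.allowScriptedContent === true) {
    findings.push("allowScriptedContent is enabled: scripts in the ePub will run");
  }
  if (sandboxAttr === null || sandboxAttr === undefined) {
    findings.push("iframe has no sandbox attribute: content is unrestricted");
    return findings;
  }
  const tokens = sandboxTokens(sandboxAttr);
  if (tokens.has("allow-scripts")) {
    findings.push("sandbox contains allow-scripts");
    // HTML spec caveat: same-origin content with both tokens can reach the
    // embedding page and remove its own sandbox attribute.
    if (tokens.has("allow-same-origin")) {
      findings.push("allow-scripts combined with allow-same-origin");
    }
  }
  return findings;
}

// Constructed sample setups.
const samples = [
  { name: "scripts off", options: { allowScriptedContent: false }, sandbox: "allow-same-origin" },
  { name: "scripts on", options: { allowScriptedContent: true }, sandbox: "allow-same-origin allow-scripts" },
  { name: "no sandbox", options: {}, sandbox: null },
];

for (const s of samples) {
  const findings = auditReader(s.options, s.sandbox);
  console.log(`${s.name}: ${findings.length ? findings.join("; ") : "ok"}`);
}
```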
github.com/futurepress/epub.js/blob/5c7f21d648d9d20d44c6c365d164b16871847023/src/managers/views/iframe.js#L373
github.com/futurepress/epub.js/commit/ab4dd46408cce0324e1c67de4a3ba96b59e5012e
github.com/futurepress/epub.js/compare/v0.3.88...v0.3.89
github.com/futurepress/epub.js/pull/1222