CVE-2021-45087
Published 2021-12-16
CVE-2021-45087: XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.
Priority: P424, medium; CVSS 3.1 score: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.49% (70.8th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | epiphany-browser | < epiphany-browser 41.2-1 (bookworm) | epiphany-browser 41.2-1 (bookworm) |
| gnome | epiphany | < 40.4 | 40.4 |
| gnome | epiphany | >= 41.0 < 41.1 | 41.1 |
CVSS provenance
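| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | MEDIUM | |
| vendor_ubuntu | | 6.1 | MEDIUM | |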
OSV
epiphany-browser vulnerabilities
osv·2022-08-10·CVSS 6.1
CVE-2021-45085 [MEDIUM] epiphany-browser vulnerabilities
epiphany-browser vulnerabilities
It was discovered that GNOME Web incorrectly filtered certain strings. A
remote attacker could use this issue to perform cross-site scripting (XSS)
attacks. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-45085,
CVE-2021-45086, CVE-2021-45087)
It was discovered that GNOME Web incorrectly handled certain long page
titles. A remote attacker could use this issue to cause GNOME Web to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-29536)
GHSA
GHSA-vw96-55hq-p2pg: XSS can occur in GNOME Web (aka Epiphany) before 40
ghsa_unreviewed·2021-12-17
CVE-2021-45087 [MEDIUM] CWE-79 GHSA-vw96-55hq-p2pg: XSS can occur in GNOME Web (aka Epiphany) before 40
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.
OSV
CVE-2021-45087: XSS can occur in GNOME Web (aka Epiphany) before 40
osv·2021-12-16·CVSS 6.1
CVE-2021-45087 [MEDIUM] CVE-2021-45087: XSS can occur in GNOME Web (aka Epiphany) before 40
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.
Ubuntu
GNOME Web vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 6.1
CVE-2022-29536 [MEDIUM] GNOME Web vulnerabilities
Title: GNOME Web vulnerabilities
Summary: Several security issues were fixed in GNOME Web.
It was discovered that GNOME Web incorrectly filtered certain strings. A
remote attacker could use this issue to perform cross-site scripting (XSS)
attacks. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-45085,
CVE-2021-45086, CVE-2021-45087)
It was discovered that GNOME Web incorrectly handled certain long page
titles. A remote attacker could use this issue to cause GNOME Web to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-29536)
Instructions: After a standard system update you need to restart GNOME Web to make all
the necessary changes.
Debian
CVE-2021-45087: epiphany-browser - XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when ...
vendor_debian·2021·CVSS 6.1
CVE-2021-45087 [MEDIUM] CVE-2021-45087: epiphany-browser - XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when ...
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.
Scope: local
bookworm: resolved (fixed in 41.2-1)
bullseye: resolved (fixed in 3.38.2-1+deb11u1)
forky: resolved (fixed in 41.2-1)
sid: resolved (fixed in 41.2-1)
trixie: resolved (fixed in 41.2-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
https://lists.debian.org/debian-lts-announce/2022/08/msg00006.html
https://www.debian.org/security/2022/dsa-5042
Published: 2021-12-16