CVE-2021-45088Cross-site Scripting in Epiphany

CWE-79Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 47.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Gnome EpiphanyDebian Linux
Timeline
PublishedDec 16
Latest updateDec 17

Description

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDgnome/epiphany41.041.1+1

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: gitlab.gnome.orgPatch: gitlab.gnome.org

🔴Vulnerability Details

3
GHSA
GHSA-w5vj-23fw-q536: XSS can occur in GNOME Web (aka Epiphany) before 402021-12-17
CVEList
CVE-2021-45088: XSS can occur in GNOME Web (aka Epiphany) before 402021-12-16
OSV
CVE-2021-45088: XSS can occur in GNOME Web (aka Epiphany) before 402021-12-16

📋Vendor Advisories

1
Debian
CVE-2021-45088: epiphany-browser - XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via a...2021
CVE-2021-45088 — Cross-site Scripting in Gnome Epiphany | cvebase