PT-2021-24197 · Gnome+3 · Gnome Web+3

Published

2021-12-16

Updated

2024-06-15

CVE-2021-45085

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: GNOME Web (aka Epiphany) versions prior to 40.4 GNOME Web (aka Epiphany) versions 41.x prior to 41.1

Description: The issue occurs when a user visits an XSS payload page often enough to place that page on the Most Visited list, allowing XSS to happen via an about: page, as demonstrated by ephy-about:overview.

Recommendations: For versions prior to 40.4, update to version 40.4 or later. For versions 41.x prior to 41.1, update to version 41.1 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2021-3546

ALT-PU-2021-3624

CVE-2021-45085

DLA-3074-1

DSA-5042-1

MGASA-2022-0053

OESA-2022-1627

OPENSUSE-SU-2024:11690-1

USN-5561-1

Affected Products

Alt Linux

Gnome Web

Linuxmint

Ubuntu

PT-2021-24197 · Gnome+3 · Gnome Web+3

CVE-2021-45085

Weakness Enumeration

Related Identifiers

Affected Products

References · 32