CVE-2021-45086

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: GNOME Web (aka Epiphany) versions prior to 40.4 GNOME Web (aka Epiphany) versions 41.x prior to 41.1

Description: A security issue exists due to the use of a server's suggested filename as the pdf name value in PDF.js, leading to potential XSS.

Recommendations: For versions prior to 40.4, update to version 40.4 or later. For versions 41.x prior to 41.1, update to version 41.1 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2021-3546

ALT-PU-2021-3624

CVE-2021-45086

DSA-5042-1

MGASA-2022-0053

OESA-2022-1627

USN-5561-1

Affected Products

Alt Linux

Gnome Web

Linuxmint

Pdf.Js

Ubuntu

CVE-2021-45086

Weakness Enumeration

Related Identifiers

Affected Products

References · 26