PT-2021-7307 · Gnome+1 · Gnome Web+1

Published

2021-10-21

Updated

2024-06-15

CVE-2021-45088

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions GNOME Web (aka Epiphany) versions prior to 40.4 GNOME Web (aka Epiphany) versions 41.x prior to 41.1

Description The issue is related to a lack of protection for the web page structure in the Epiphany web browser, specifically in the implementation of the ephy-about:overview script. This can lead to cross-site scripting (XSS) attacks, allowing a remote attacker to conduct inter-site script attacks. The XSS can occur via an error page.

Recommendations For versions prior to 40.4, update to version 40.4 or later. For versions 41.x prior to 41.1, update to version 41.1 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2021-3546

ALT-PU-2021-3624

BDU:2022-05569

CVE-2021-45088

DLA-3074-1

DSA-5042-1

MGASA-2022-0053

OESA-2022-1627

OPENSUSE-SU-2024:11690-1

Affected Products

Alt Linux

Gnome Web

PT-2021-7307 · Gnome+1 · Gnome Web+1

CVE-2021-45088

Weakness Enumeration

Related Identifiers

Affected Products

References · 28