Vulnerability Description
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Epiphany | < 40.4 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 (Exploit, Vendor Advisory)
- https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 (Patch, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2022/08/msg00006.html (Mailing List, Third Party Advisory)
- https://www.debian.org/security/2022/dsa-5042 (Third Party Advisory)
FAQ
What is CVE-2021-45087?
CVE-2021-45087 is a vulnerability with a CVSS score of 6.1 (MEDIUM). XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.
How severe is CVE-2021-45087?
CVE-2021-45087 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-45087?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Epiphany, Debian Debian Linux.