Errata ALT-PU-2021-3546-1: Information
Fixes
Published: Oct. 21, 2021
BDU:2022-05569
Уязвимость реализации сценария ephy-about:overview веб-браузера Epiphany, позволяющая нарушителю проводить межсайтовые сценарные атаки
Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Links:
Published: Dec. 16, 2021
Modified: Aug. 19, 2022
Modified: Aug. 19, 2022
CVE-2021-45085
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Links:
Published: Dec. 16, 2021
Modified: Jan. 21, 2022
Modified: Jan. 21, 2022
CVE-2021-45086
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Links:
Published: Dec. 16, 2021
Modified: Aug. 19, 2022
Modified: Aug. 19, 2022
CVE-2021-45087
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Links:
Published: Dec. 16, 2021
Modified: Aug. 19, 2022
Modified: Aug. 19, 2022
CVE-2021-45088
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Links: