Vulnerability CVE-2021-45087: Information

Description

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-45087

Published: Dec. 16, 2021

Modified: Aug. 19, 2022

Error type identifier: CWE-79

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
epiphany	sisyphus	41.1-alt1	46.0-alt1	ALT-PU-2021-3546-1	292090	Fixed
epiphany	sisyphus_riscv64	41.1-alt1	46.0-alt1	ALT-PU-2021-4608-1	-	Fixed
epiphany	p10	40.6-alt1	40.6-alt1	ALT-PU-2021-3624-1	292094	Fixed
epiphany	p10_e2k	40.6-alt1	40.6-alt1	ALT-PU-2021-4744-1	-	Fixed
epiphany	c10f1	40.6-alt1	40.6-alt1	ALT-PU-2021-3624-1	292094	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045	Patch Vendor Advisory
https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612	Exploit Vendor Advisory
DSA-5042	Third Party Advisory
[debian-lts-announce] 20220818 [SECURITY] [DLA 3074-1] epiphany-browser security update	Mailing List Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*
  Start including
  41.0
  End excliding
  41.1
  cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*
  End excliding
  40.4
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Version: v24.5.0

Vulnerability CVE-2021-45087: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2