Cross-Site Scripting Vulnerability in GNOME Web by GNOME
CVE-2021-45086

6.1MEDIUM

Key Information:

Vendor
Gnome
Status
Epiphany
Vendor
CVE Published:
16 December 2021

Summary

A Cross-Site Scripting (XSS) vulnerability has been identified in GNOME Web (Epiphany), impacting versions prior to 40.4 and the 41.x series prior to 41.1. This vulnerability arises from the improper handling of server-suggested filenames utilized in PDF.js, which can be exploited by attackers to inject malicious scripts. Users of affected versions may face risks such as unauthorized access and data manipulation when viewing PDF documents. It is crucial to update to the latest versions to mitigate potential threats and enhance security.

References

https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
x_refsource_MISC
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/...
x_refsource_MISC
https://www.debian.org/security/2022/dsa-5042
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.