Cross-Site Scripting Vulnerability in GNOME Web by GNOME
CVE-2021-45088

6.1MEDIUM

Key Information:

Vendor
Gnome
Status
Epiphany
Vendor
CVE Published:
16 December 2021

Summary

A Cross-Site Scripting vulnerability was discovered in GNOME Web (Epiphany) prior to version 40.4 and in 41.x before version 41.1, allowing attackers to inject malicious scripts through error pages. This can lead to unauthorized access to user data and potential exploitation of users' browsers. Users are advised to upgrade to the latest versions to mitigate risks associated with this vulnerability.

References

https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
x_refsource_MISC
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/...
x_refsource_MISC
https://www.debian.org/security/2022/dsa-5042
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.