Package epiphany updated to version 41.3-alt1 for branch sisyphus_e2k.

Published: 2021-10-21

BDU:2022-05569

Уязвимость реализации сценария ephy-about:overview веб-браузера Epiphany, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2021-45088

Published: 2021-12-16
Modified: 2024-11-21

CVE-2021-45085

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2021-12-16
Modified: 2024-11-21

CVE-2021-45086

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2021-12-16
Modified: 2024-11-21

CVE-2021-45087

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2021-12-16
Modified: 2024-11-21

CVE-2021-45088

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Version: 2.1.0

Package epiphany update in sisyphus_e2k on 2022-01-22

ALT-PU-2022-3741-1

Closed vulnerabilities

BDU:2022-05569

CVE-2021-45085

CVE-2021-45086

CVE-2021-45087

CVE-2021-45088