logo

Database

Server side cross-site scripting In epiphany-browser

Description

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-450862. NVD-2021-450863. OSV-DEBIAN-2021-450864. OSV-2021-450865. SECURITY-TRACKER-CVE-2021-45086

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-ASLB7 – Vulnerability | Fluid Attacks Database