Описание
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
Ссылки
- ExploitVendor Advisory
- PatchVendor Advisory
- Third Party Advisory
- ExploitVendor Advisory
- PatchVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 40.4 (исключая)Версия от 41.0 (включая) до 41.1 (исключая)
Одно из
cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00212
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
ubuntu
около 4 лет назад
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
CVSS3: 6.1
debian
около 4 лет назад
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...
github
около 4 лет назад
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
EPSS
Процентиль: 44%
0.00212
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79