Lucene search
+L

7 matches found

cve
cve
added 2022/04/20 10:37 p.m.135 views

CVE-2022-29536

CVE-2022-29536 affects GNOME Epiphany before 41.4 and 42.x before 42.2. A buffer overflow in the UI process (ephy_string_shorten) can be triggered by a long page title because the UTF-8 ellipsis byte length is not properly accounted for. Impact per referenced advisories is memory corruption/crash...

7.5CVSS7.4AI score0.01952EPSS
cve
cve
added 2021/12/16 2:19 a.m.118 views

CVE-2021-45085

CVE-2021-45085 affects GNOME Web (Epiphany) where XSS is possible via an about: page. The issue occurs in Epiphany builds prior to 40.4 and 41.x prior to 41.1 when a user visits an XSS payload page, e.g., ephy-about:overview, which can land a page on the Most Visited list. Public details in conne...

6.1CVSS5.8AI score0.01485EPSS
cve
cve
added 2021/12/16 2:19 a.m.110 views

CVE-2021-45087

CVE-2021-45087 affects GNOME Web (Epiphany). The vulnerability arises when using View Source mode or Reader mode, allowing an XSS payload via the page title. Affected component is Epiphany/GNOME Web; root cause is improper handling in those modes leading to script execution. Impact is XSS under t...

6.1CVSS5.9AI score0.01485EPSS
cve
cve
added 2021/12/16 2:19 a.m.107 views

CVE-2021-45086

CVE-2021-45086 affects GNOME Web (Epiphany) where a server-provided suggested_filename is used as the pdf_name value in PDF.js, enabling XSS. Affected versions include GNOME Web before 40.4 and 41.x before 41.1; exploitation details and in-the-wild status are not shown in the provided documents. ...

6.1CVSS5.9AI score0.01294EPSS
cve
cve
added 2021/12/16 2:19 a.m.102 views

CVE-2021-45088

CVE-2021-45088 is an XSS vulnerability in GNOME Web (Epiphany) exploitable via an error page, affecting Epiphany/GNOME Web up to versions before 40.4 and 41.x before 41.1. Connected sources confirm this CVE as part of multiple GNOME/Epiphany XSS issues and indicate Debian/Mageia advisories with f...

6.1CVSS5.9AI score0.01417EPSS
cve
cve
added 2023/02/20 12:0 a.m.80 views

CVE-2023-26081

CVE-2023-26081 affects Epiphany (GNOME Web) up to version 43.0, where autofill can exfiltrate passwords from sandboxed content (e.g., CSP sandbox or iframe). Exploitation would require untrusted web content, but attackers could leverage sandbox context to access credentials. Remediation across di...

7.5CVSS7.3AI score0.01228EPSS
cve
cve
added 2005/02/07 5:0 a.m.78 views

CVE-2005-0238

CVE-2005-0238 concerns the International Domain Name (IDN) support in Epiphany, where punycode-encoded domain names decoded in URLs and SSL certificates can be interpreted using homograph characters from other scripts. This enables remote attackers to spoof legitimate domain names and facilitates...

5CVSS6.6AI score0.01552EPSS