Vulnerabilities > Gnome > Epiphany > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-16 CVE-2021-45085 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
network
gnome debian CWE-79
4.3
2021-12-16 CVE-2021-45086 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
network
gnome debian CWE-79
4.3
2021-12-16 CVE-2021-45087 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
network
gnome debian CWE-79
4.3
2021-12-16 CVE-2021-45088 Cross-site Scripting vulnerability in multiple products
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
network
gnome debian CWE-79
4.3
2018-06-07 CVE-2018-12016 Unspecified vulnerability in Gnome Epiphany
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
network
low complexity
gnome
5.0
2018-05-23 CVE-2018-11396 Unspecified vulnerability in Gnome Epiphany
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
network
low complexity
gnome
5.0
2017-07-17 CVE-2017-1000025 Information Exposure vulnerability in Gnome Epiphany
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
network
low complexity
gnome CWE-200
5.0
2010-10-14 CVE-2010-3312 Remote Security vulnerability in Epiphany 2.28/2.29
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
network
gnome
5.8
2009-01-28 CVE-2008-5985 Remote Command Execution vulnerability in Gnome Epiphany 2.22.3
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
local
gnome
6.9
2005-05-02 CVE-2005-0238 The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
network
low complexity
gnome mozilla omnigroup opera
5.0