Debian has issued an advisory on January 12:
The issues are fixed upstream in 40.4 and 41.1; Debian patched 3.38.2.
Patches available from Debian
Updated package uploaded for Mageia 8.
Updated epiphany package fixes security vulnerabilities:
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list (CVE-2021-45085).
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js (CVE-2021-45086).
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title (CVE-2021-45087).
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page (CVE-2021-45088).
Updated packages in core/updates_testing:
Mageia8 X64 Gnome VmWare
No installation issue.
Gnome Web (Epiphany) is working fine.
Tested with streaming web sites and other different websites without issue.
Giving this an OK based on Comment 2. Validating. Advisory in Comment 1.
An update for this issue has been pushed to the Mageia Updates repository.