View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2021-45085 not yet assigned priority: Debian including 1 source packages (epiphany-browser), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.