XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
{ "binaries": [ { "binary_name": "epiphany-browser", "binary_version": "3.18.11-0ubuntu1" }, { "binary_name": "epiphany-browser-data", "binary_version": "3.18.11-0ubuntu1" } ] }
{ "binaries": [ { "binary_name": "epiphany-browser", "binary_version": "3.28.6-0ubuntu1" }, { "binary_name": "epiphany-browser-data", "binary_version": "3.28.6-0ubuntu1" } ] }
{ "binaries": [ { "binary_name": "epiphany-browser", "binary_version": "3.36.4-0ubuntu2" }, { "binary_name": "epiphany-browser-data", "binary_version": "3.36.4-0ubuntu2" } ], "availability": "No subscription required" }