Vulnerability Details CVE-2002-1348
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=104552193927323&w=2
- http://sourceforge.net/project/shownotes.php?release_id=126233
- http://www.debian.org/security/2003/dsa-249
- http://www.debian.org/security/2003/dsa-250
- http://www.debian.org/security/2003/dsa-251
- http://www.iss.net/security_center/static/11266.php
- http://www.redhat.com/support/errata/RHSA-2003-044.html
- http://www.redhat.com/support/errata/RHSA-2003-045.html
- http://www.securityfocus.com/bid/6794
- http://marc.info/?l=bugtraq&m=104552193927323&w=2
- http://sourceforge.net/project/shownotes.php?release_id=126233
- http://www.debian.org/security/2003/dsa-249
- http://www.debian.org/security/2003/dsa-250
- http://www.debian.org/security/2003/dsa-251
- http://www.iss.net/security_center/static/11266.php
- http://www.redhat.com/support/errata/RHSA-2003-044.html
- http://www.redhat.com/support/errata/RHSA-2003-045.html
- http://www.securityfocus.com/bid/6794
Products affected by CVE-2002-1348
-
cpe:2.3:a:w3m:w3m:0.2
-
cpe:2.3:a:w3m:w3m:0.2.1
-
cpe:2.3:a:w3m:w3m:0.2.2
-
cpe:2.3:a:w3m:w3m:0.2.3
-
cpe:2.3:a:w3m:w3m:0.2.4
-
cpe:2.3:a:w3m:w3m:0.2.5
-
cpe:2.3:a:w3m:w3m:0.2.5.1
-
cpe:2.3:a:w3m:w3m:0.3
-
cpe:2.3:a:w3m:w3m:0.3.1
-
cpe:2.3:a:w3m:w3m:0.3.2
-
cpe:2.3:a:w3m:w3m:0.3.2.1
-
cpe:2.3:a:w3m:w3m:0.3.2.2