w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
CVSS Score
5.0
EPSS Score
0.012
Published
2003-02-19
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
CVSS Score
4.3
EPSS Score
0.011
Published
2002-12-11