CVE-2002-1335
published 2002-12-11CVE-2002-1335: Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or…
PriorityP416medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
2.48%
82.6th percentile
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | w3m | < w3m 0.3.2.2-1 (bookworm) | w3m 0.3.2.2-1 (bookworm) |
| tats | w3m | >= 0 < 0.3.2.2-1 | 0.3.2.2-1 |
| tats | w3m | >= 0 < 0.3.2.2-1 | 0.3.2.2-1 |
| tats | w3m | >= 0 < 0.3.2.2-1 | 0.3.2.2-1 |
| tats | w3m | >= 0 < 0.3.2.2-1 | 0.3.2.2-1 |
| w3m | w3m | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g49v-5ppg-cxcg: Cross-site scripting (XSS) vulnerability in w3m 0
ghsa_unreviewed·2022-04-30
CVE-2002-1335 [MEDIUM] GHSA-g49v-5ppg-cxcg: Cross-site scripting (XSS) vulnerability in w3m 0
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
OSV
CVE-2002-1335: Cross-site scripting (XSS) vulnerability in w3m 0
osv·2002-12-11·CVSS 4.3
CVE-2002-1335 [MEDIUM] CVE-2002-1335: Cross-site scripting (XSS) vulnerability in w3m 0
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
Red Hat
security flaw
vendor_redhat·2002-11-27·CVSS 4.3
CVE-2002-1335 [MEDIUM] security flaw
security flaw
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
Debian
CVE-2002-1335: w3m - Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML ta...
vendor_debian·2002·CVSS 4.3
CVE-2002-1335 [MEDIUM] CVE-2002-1335: w3m - Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML ta...
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
Scope: local
bookworm: resolved (fixed in 0.3.2.2-1)
bullseye: resolved (fixed in 0.3.2.2-1)
forky: resolved (fixed in 0.3.2.2-1)
sid: resolved (fixed in 0.3.2.2-1)
trixie: resolved (fixed in 0.3.2.2-1)
No detection rules found.
No public exploits indexed.
http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200211.month/838.htmlhttp://secunia.com/advisories/8015http://secunia.com/advisories/8016http://secunia.com/advisories/8031http://secunia.com/advisories/8053http://sourceforge.net/project/shownotes.php?release_id=124484http://www.debian.org/security/2003/dsa-249http://www.debian.org/security/2003/dsa-250http://www.debian.org/security/2003/dsa-251http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.htmlhttp://www.osvdb.org/6981http://www.redhat.com/support/errata/RHSA-2003-044.htmlhttp://www.redhat.com/support/errata/RHSA-2003-045.htmlhttp://www.securityfocus.com/bid/6793https://exchange.xforce.ibmcloud.com/vulnerabilities/10842http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200211.month/838.htmlhttp://secunia.com/advisories/8015http://secunia.com/advisories/8016http://secunia.com/advisories/8031http://secunia.com/advisories/8053http://sourceforge.net/project/shownotes.php?release_id=124484http://www.debian.org/security/2003/dsa-249http://www.debian.org/security/2003/dsa-250http://www.debian.org/security/2003/dsa-251http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.htmlhttp://www.osvdb.org/6981http://www.redhat.com/support/errata/RHSA-2003-044.htmlhttp://www.redhat.com/support/errata/RHSA-2003-045.htmlhttp://www.securityfocus.com/bid/6793https://exchange.xforce.ibmcloud.com/vulnerabilities/10842
2002-12-11
Published