CVE-2002-1348 — W3M vulnerability

7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 21.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tats W3M W3M

Timeline

PublishedFeb 19

Latest updateApr 30

Description

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiantats/w3m< 0.3.2.2-1+3

▶NVDw3m/w3m12 versions+11

Patches

Patch: www.iss.net ↗Patch: www.redhat.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-fgpf-gj3f-wvmc: w3m before 0↗2022-04-30

▶

CVEList

CVE-2002-1348: w3m before 0↗2004-09-01

▶

OSV

CVE-2002-1348: w3m before 0↗2003-02-19

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-11-27

▶

Debian

CVE-2002-1348: w3m - w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an...↗2002

▶

💬Community

Bugzilla

CVE-2002-1348 security flaw↗2018-08-16

▶