Search criteria
2 vulnerabilities found for w3m by w3m project
JVNDB-2003-000030
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
w3m Vulnerability of Unauthorized Access to Files or Cookies
Details
w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
"sec:cpe": [
{
"#text": "cpe:/a:w3m_project:w3m",
"@product": "w3m",
"@vendor": "w3m project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000030",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1348",
"@id": "CVE-2002-1348",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1348",
"@id": "CVE-2002-1348",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/6794",
"@id": "6794",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/11266",
"@id": "11266",
"@source": "XF"
}
],
"title": "w3m Vulnerability of Unauthorized Access to Files or Cookies"
}
JVNDB-2003-000029
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
w3m Cross-Site Scripting Vulnerability
Details
w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
"sec:cpe": [
{
"#text": "cpe:/a:w3m_project:w3m",
"@product": "w3m",
"@vendor": "w3m project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000029",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1335",
"@id": "CVE-2002-1335",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1335",
"@id": "CVE-2002-1335",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/6793",
"@id": "6793",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/10842",
"@id": "10842",
"@source": "XF"
},
{
"#text": "http://www.osvdb.org/6981",
"@id": "6981",
"@source": "OSVDB"
}
],
"title": "w3m Cross-Site Scripting Vulnerability"
}