All the vulnerabilites related to w3m project - w3m
jvndb-2003-000030
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
w3m Vulnerability of Unauthorized Access to Files or Cookies
Details
w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| w3m project | w3m | |
| Red Hat, Inc. | Red Hat Linux |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
"sec:cpe": [
{
"#text": "cpe:/a:w3m_project:w3m",
"@product": "w3m",
"@vendor": "w3m project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000030",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1348",
"@id": "CVE-2002-1348",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1348",
"@id": "CVE-2002-1348",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/6794",
"@id": "6794",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/11266",
"@id": "11266",
"@source": "XF"
}
],
"title": "w3m Vulnerability of Unauthorized Access to Files or Cookies"
}
jvndb-2003-000029
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
w3m Cross-Site Scripting Vulnerability
Details
w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| w3m project | w3m | |
| Red Hat, Inc. | Red Hat Linux |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
"sec:cpe": [
{
"#text": "cpe:/a:w3m_project:w3m",
"@product": "w3m",
"@vendor": "w3m project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000029",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1335",
"@id": "CVE-2002-1335",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1335",
"@id": "CVE-2002-1335",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/6793",
"@id": "6793",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/10842",
"@id": "10842",
"@source": "XF"
},
{
"#text": "http://www.osvdb.org/6981",
"@id": "6981",
"@source": "OSVDB"
}
],
"title": "w3m Cross-Site Scripting Vulnerability"
}