Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for w3m by w3m project
JVNDB-2003-000030
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
w3m Vulnerability of Unauthorized Access to Files or Cookies
Details
w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
"sec:cpe": [
{
"#text": "cpe:/a:w3m_project:w3m",
"@product": "w3m",
"@vendor": "w3m project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000030",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1348",
"@id": "CVE-2002-1348",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1348",
"@id": "CVE-2002-1348",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/6794",
"@id": "6794",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/11266",
"@id": "11266",
"@source": "XF"
}
],
"title": "w3m Vulnerability of Unauthorized Access to Files or Cookies"
}
JVNDB-2003-000029
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
w3m Cross-Site Scripting Vulnerability
Details
w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.",
"link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
"sec:cpe": [
{
"#text": "cpe:/a:w3m_project:w3m",
"@product": "w3m",
"@vendor": "w3m project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux",
"@product": "Red Hat Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2003-000029",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1335",
"@id": "CVE-2002-1335",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1335",
"@id": "CVE-2002-1335",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/6793",
"@id": "6793",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/10842",
"@id": "10842",
"@source": "XF"
},
{
"#text": "http://www.osvdb.org/6981",
"@id": "6981",
"@source": "OSVDB"
}
],
"title": "w3m Cross-Site Scripting Vulnerability"
}