Search

Find a vulnerability

Search criteria

    2 vulnerabilities by w3m project

    JVNDB-2003-000029

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    w3m Cross-Site Scripting Vulnerability
    Details
    w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.",
      "link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000029.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:w3m_project:w3m",
          "@product": "w3m",
          "@vendor": "w3m project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux",
          "@product": "Red Hat Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2003-000029",
      "sec:references": [
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1335",
          "@id": "CVE-2002-1335",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1335",
          "@id": "CVE-2002-1335",
          "@source": "NVD"
        },
        {
          "#text": "http://www.securityfocus.com/bid/6793",
          "@id": "6793",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/10842",
          "@id": "10842",
          "@source": "XF"
        },
        {
          "#text": "http://www.osvdb.org/6981",
          "@id": "6981",
          "@source": "OSVDB"
        }
      ],
      "title": "w3m Cross-Site Scripting Vulnerability"
    }

    JVNDB-2003-000030

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    w3m Vulnerability of Unauthorized Access to Files or Cookies
    Details
    w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies.",
      "link": "https://jvndb.jvn.jp/en/contents/2003/JVNDB-2003-000030.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:w3m_project:w3m",
          "@product": "w3m",
          "@vendor": "w3m project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux",
          "@product": "Red Hat Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2003-000030",
      "sec:references": [
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1348",
          "@id": "CVE-2002-1348",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1348",
          "@id": "CVE-2002-1348",
          "@source": "NVD"
        },
        {
          "#text": "http://www.securityfocus.com/bid/6794",
          "@id": "6794",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/11266",
          "@id": "11266",
          "@source": "XF"
        }
      ],
      "title": "w3m Vulnerability of Unauthorized Access to Files or Cookies"
    }