Lucene search

[email protected]CVE-2002-1335

HistoryDec 11, 2002 - 5:00 a.m.

CVE-2002-1335

2002-12-1105:00:00

[email protected]

web.nvd.nist.gov

cve-2002-1335

xss

w3m

vulnerability

web script

html

security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

Affected configurations

NVD

Node

w3mw3mMatch0.3.2

CPENameOperatorVersion
w3m:w3mw3meq0.3.2

CPE	Name	Operator	Version
w3m:w3m	w3m	eq	0.3.2

References

mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200211.month/838.html

secunia.com/advisories/8015

secunia.com/advisories/8016

secunia.com/advisories/8031

secunia.com/advisories/8053

sourceforge.net/project/shownotes.php?release_id=124484

www.debian.org/security/2003/dsa-249

www.debian.org/security/2003/dsa-250

www.debian.org/security/2003/dsa-251

www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.html

www.osvdb.org/6981

www.redhat.com/support/errata/RHSA-2003-044.html

www.redhat.com/support/errata/RHSA-2003-045.html

www.securityfocus.com/bid/6793

exchange.xforce.ibmcloud.com/vulnerabilities/10842

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

Related for CVE-2002-1335

cvelist1 nvd1 debiancve1 nessus4 openvas6 redhat1 debian6 securityvulns1 osv2