CVE-2002-1335
5.5 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
84.9%
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
References
mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200211.month/838.html
secunia.com/advisories/8015
secunia.com/advisories/8016
secunia.com/advisories/8031
secunia.com/advisories/8053
sourceforge.net/project/shownotes.php?release_id=124484
www.debian.org/security/2003/dsa-249
www.debian.org/security/2003/dsa-250
www.debian.org/security/2003/dsa-251
www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.html
www.osvdb.org/6981
www.redhat.com/support/errata/RHSA-2003-044.html
www.redhat.com/support/errata/RHSA-2003-045.html
www.securityfocus.com/bid/6793
exchange.xforce.ibmcloud.com/vulnerabilities/10842
Related
5.5 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
84.9%