6 matches found
CVE-2019-14961
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS...
Debian Security Advisory DSA 251-1 (w3m, w3m-ssl)
The remote host is missing an update to w3m, w3m-ssl announced via advisory DSA 251-1. OpenVAS Vulnerability Test $Id: deb2511.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 251-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian DSA-251-1 : w3m - missing HTML quoting
Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user to send their local cookies...
CVE-2002-1348
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies...
CVE-2002-1348
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies...
CVE-2002-1348
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies...