CVE-2002-1348

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2002-1348

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2002-1348.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2002-1348

Related

Published

2003-02-19T05:00:00Z

Modified

2024-11-20T23:41:05Z

Summary

[none]

Details

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

References

Affected packages

Debian:11 / w3m

Package

Name: w3m
Purl: pkg:deb/debian/w3m?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.2.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / w3m

Package

Name: w3m
Purl: pkg:deb/debian/w3m?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.2.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / w3m

Package

Name: w3m
Purl: pkg:deb/debian/w3m?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.2.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}