CVE

CVE-2002-1348

Date: (C)2003-02-19   (M)2023-12-22

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

http://marc.info/?l=bugtraq&m=104552193927323&w=2

BID-6794

DSA-249

DSA-250

DSA-251

RHSA-2003:044

RHSA-2003:045

http://sourceforge.net/project/shownotes.php?release_id=126233

w3m-img-alt-xss(11266)