Vulnerability Name: | CVE-2002-1335 (CCN-10842) | ||||||||||||||||||||
Assigned: | 2002-11-27 | ||||||||||||||||||||
Published: | 2002-11-27 | ||||||||||||||||||||
Updated: | 2017-07-11 | ||||||||||||||||||||
Summary: | Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies. | ||||||||||||||||||||
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2002-1335 Source: CCN Type: w3m-dev-en Mailing List, Wed, 27 Nov 2002 01:53:56 +0900 [w3m-dev-en 00838] w3m-0.3.2.1 released Source: CONFIRM Type: Vendor Advisory http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html Source: CCN Type: RHSA-2003-044 Updated w3m packages fix cross-site scripting issues Source: CCN Type: RHSA-2003-045 w3m security update Source: CCN Type: SA8015 RedHat updates to W3M Source: SECUNIA Type: UNKNOWN 8015 Source: CCN Type: SA8016 RedHat updates to W3M Source: SECUNIA Type: UNKNOWN 8016 Source: CCN Type: SA8031 Debian updates to w3mmee Source: SECUNIA Type: UNKNOWN 8031 Source: SECUNIA Type: UNKNOWN 8053 Source: CONFIRM Type: UNKNOWN http://sourceforge.net/project/shownotes.php?release_id=124484 Source: CCN Type: SourceForge.net SourceForge.net: Project Info - w3m Source: DEBIAN Type: UNKNOWN DSA-249 Source: DEBIAN Type: UNKNOWN DSA-250 Source: DEBIAN Type: UNKNOWN DSA-251 Source: DEBIAN Type: DSA-249 w3mmee -- missing HTML quoting Source: DEBIAN Type: DSA-250 w3mmee-ssl -- missing HTML quoting Source: DEBIAN Type: DSA-251 w3m -- missing HTML quoting Source: CCN Type: OpenPKG-SA-2003.009 w3m Source: OPENPKG Type: UNKNOWN OpenPKG-SA-2003.009 Source: OSVDB Type: UNKNOWN 6981 Source: CCN Type: OSVDB ID: 6981 w3m Unspecified Frame XSS Source: REDHAT Type: Patch, Vendor Advisory RHSA-2003:044 Source: REDHAT Type: UNKNOWN RHSA-2003:045 Source: BID Type: Patch, Vendor Advisory 6793 Source: CCN Type: BID-6793 W3M Frame Enabled Browsing Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN w3m-html-frame-xss(10842) Source: XF Type: UNKNOWN w3m-html-frame-xss(10842) | ||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
BACK |