LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

The sad story of the em28xx driver

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

w3m - cross-site scripting vulnerabilities

Package(s):w3m CVE #(s):CAN-2002-1335 CAN-2002-1348
Created:February 7, 2003 Updated:February 18, 2003
Description: w3m is a pager with Web browsing capabilities. Two cross-site scripting (XSS) issues have been found in w3m.

An XSS vulnerability in w3m 0.3.2 allows remote attackers to insert arbitrary HTML and web script into frames. Frames are disabled by default in the version of w3m shipped with Red Hat Linux. Therefore, this problem will not appear as long as users do not use w3m with the -F option, or enable frame support in either the /etc/w3m/w3mconfig or ~/.w3m/config configuration files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1335 to this issue.

An XSS vulnerability in versions of w3m before 0.3.2.2 allows attackers to insert arbitrary HTML and web script into image attributes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1348 to this issue

Alerts:
OpenPKG OpenPKG-SA-2003.009 2003-02-18
Gentoo 200302-07 2003-02-17
Debian DSA-251-1 2003-02-14
Debian DSA-250-1 2003-02-12
Debian DSA-249-1 2003-02-11
Red Hat RHSA-2003:044-20 2003-02-06
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds