|
|
Log in / Subscribe / Register

w3m - cross-site scripting vulnerabilities

Package(s):w3m CVE #(s):CAN-2002-1335 CAN-2002-1348
Created:February 7, 2003 Updated:February 18, 2003
Description: w3m is a pager with Web browsing capabilities. Two cross-site scripting (XSS) issues have been found in w3m.

An XSS vulnerability in w3m 0.3.2 allows remote attackers to insert arbitrary HTML and web script into frames. Frames are disabled by default in the version of w3m shipped with Red Hat Linux. Therefore, this problem will not appear as long as users do not use w3m with the -F option, or enable frame support in either the /etc/w3m/w3mconfig or ~/.w3m/config configuration files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1335 to this issue.

An XSS vulnerability in versions of w3m before 0.3.2.2 allows attackers to insert arbitrary HTML and web script into image attributes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1348 to this issue

Alerts:
OpenPKG OpenPKG-SA-2003.009 w3m 2003-02-18
Gentoo 200302-07 w3m 2003-02-17
Debian DSA-251-1 w3m 2003-02-14
Debian DSA-250-1 w3mmee-ssl 2003-02-12
Debian DSA-249-1 w3mmee 2003-02-11
Red Hat RHSA-2003:044-20 w3m 2003-02-06
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds