JVNDB-2003-000029

w3m Cross-Site Scripting Vulnerability

Overview

w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame.
CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


w3m project
  • w3m prior to version 0.3.2.1
Red Hat, Inc.
  • Red Hat Linux 7.2
  • Red Hat Linux 7.3
  • Red Hat Linux 8.0

Impact

A remote attacker could execute arbitrary scripts and gain access to files or cookies.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

w3m project
Red Hat, Inc.
CWE

CVE

  1. CVE-2002-1335
References

  1. National Vulnerability Database (NVD) : CVE-2002-1335
  2. SecurityFocus : 6793
  3. ISS X-Force Database : 10842
  4. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 6981
Revision History

  • [2008/05/21]
      Web page published