CVE

Id
5719  
CVE No.
CVE-2002-1335  
Status
Candidate  
Description
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.  
Phase
Modified (20071129)  
Votes
ACCEPT(2) Armstrong, Green | NOOP(2) Cole, Cox  
Comments
Cox> The wording of the impact of this issue could be better, this is | just a cross-site scripting vulnerability | Addref: RHSA-2003:045 | Green> ACKNOWLEDGED IN THE SOURCEFORGE NOTES  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
31557 5719 CVE-2002-1335 CONFIRM:http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html  View
31558 5719 CVE-2002-1335 CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=124484  View
31559 5719 CVE-2002-1335 OPENPKG:OpenPKG-SA-2003.009  View
31560 5719 CVE-2002-1335 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.html  View
31561 5719 CVE-2002-1335 REDHAT:RHSA-2003:044  View
31562 5719 CVE-2002-1335 URL:http://www.redhat.com/support/errata/RHSA-2003-044.html  View
31563 5719 CVE-2002-1335 REDHAT:RHSA-2003:045  View
31564 5719 CVE-2002-1335 URL:http://www.redhat.com/support/errata/RHSA-2003-045.html  View
31565 5719 CVE-2002-1335 DEBIAN:DSA-249  View
31566 5719 CVE-2002-1335 URL:http://www.debian.org/security/2003/dsa-249  View
31567 5719 CVE-2002-1335 DEBIAN:DSA-250  View
31568 5719 CVE-2002-1335 URL:http://www.debian.org/security/2003/dsa-250  View
31569 5719 CVE-2002-1335 DEBIAN:DSA-251  View
31570 5719 CVE-2002-1335 URL:http://www.debian.org/security/2003/dsa-251  View
31571 5719 CVE-2002-1335 SECUNIA:8015  View
31572 5719 CVE-2002-1335 URL:http://secunia.com/advisories/8015  View
31573 5719 CVE-2002-1335 SECUNIA:8016  View
31574 5719 CVE-2002-1335 URL:http://secunia.com/advisories/8016  View
31575 5719 CVE-2002-1335 SECUNIA:8031  View
31576 5719 CVE-2002-1335 URL:http://secunia.com/advisories/8031  View
31577 5719 CVE-2002-1335 SECUNIA:8053  View
31578 5719 CVE-2002-1335 URL:http://secunia.com/advisories/8053  View
31579 5719 CVE-2002-1335 XF:w3m-html-frame-xss(10842)  View
31580 5719 CVE-2002-1335 URL:http://xforce.iss.net/xforce/xfdb/10842  View
31581 5719 CVE-2002-1335 BID:6793  View
31582 5719 CVE-2002-1335 URL:http://www.securityfocus.com/bid/6793  View
31583 5719 CVE-2002-1335 OSVDB:6981  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63303 JVNDB-2003-000029 w3m におけるクロスサイトスクリプティングの脆弱性 w3m には、フレーム中の HTML タグのエスケープ処理に不備があり、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2002-1335 5719 4.3 http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000029.html  View