CVE-2002-1348

high

Description

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

References

http://www.securityfocus.com/bid/6794

http://www.redhat.com/support/errata/RHSA-2003-045.html

http://www.redhat.com/support/errata/RHSA-2003-044.html

http://www.iss.net/security_center/static/11266.php

http://www.debian.org/security/2003/dsa-251

http://www.debian.org/security/2003/dsa-250

http://www.debian.org/security/2003/dsa-249

http://sourceforge.net/project/shownotes.php?release_id=126233

http://marc.info/?l=bugtraq&m=104552193927323&w=2

Details

Source: Mitre, NVD

Published: 2003-02-19

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.01163

Detections

Analytics