Vulnerability Details : CVE-2002-1348
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
Exploit prediction scoring system (EPSS) score for CVE-2002-1348
Probability of exploitation activity in the next 30 days: 0.64%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-1348
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2002-1348
-
http://www.redhat.com/support/errata/RHSA-2003-044.html
Patch;Vendor Advisory
- http://www.debian.org/security/2003/dsa-249
-
http://www.iss.net/security_center/static/11266.php
Patch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=104552193927323&w=2
- http://www.debian.org/security/2003/dsa-250
-
http://www.securityfocus.com/bid/6794
-
http://sourceforge.net/project/shownotes.php?release_id=126233
Vendor Advisory
- http://www.debian.org/security/2003/dsa-251
- http://www.redhat.com/support/errata/RHSA-2003-045.html
Products affected by CVE-2002-1348
- cpe:2.3:a:w3m:w3m:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:w3m:w3m:0.3.1:*:*:*:*:*:*:*