CVE-2002-1335

EPSS 1.4%

w3m - missing HTML quoting

Published: 12/11/2002Modified: 4/28/2026

Also known as:DEBIAN-CVE-2002-1335

Description

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

Affected packages (3)

Debian/w3mfrom 0, < 0.3.2.2-1
Debian/w3mfrom 0, < 0.3-2.4
Debian/w3mmeefrom 0, < 0.3-2.4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2002-1335