CVE-2002-1335

Description

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

How to fix CVE-2002-1335

To remediate CVE-2002-1335, upgrade the affected package to a fixed version below.

• Debian/w3m—upgrade to 0.3.2.2-1 or later
• Debian/w3m—upgrade to 0.3-2.4 or later
• Debian/w3mmee—upgrade to 0.3-2.4 or later

Is CVE-2002-1335 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 0.3.2.2-1
• from 0, < 0.3-2.4
• from 0, < 0.3-2.4

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2002-1335