CVE-2002-1348

Name	CVE-2002-1348
Description	w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DSA-249, DSA-250, DSA-251
NVD severity	medium

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
w3m (PTS)	stretch	0.5.3-34+deb9u1	fixed
	buster	0.5.3-37	fixed
	bookworm, sid, bullseye	0.5.3+git20210102-6	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
w3m	source	woody	0.3-2.4		DSA-251
w3m	source	(unstable)	0.3.2.2-1
w3mmee	source	woody	0.3-2.4		DSA-249
w3mmee	source	(unstable)	0.3.p24.17-3