w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
Name | Vendor | Start Version | End Version |
---|---|---|---|
W3m | W3m | 0.2 (including) | 0.2 (including) |
W3m | W3m | 0.2.1 (including) | 0.2.1 (including) |
W3m | W3m | 0.2.2 (including) | 0.2.2 (including) |
W3m | W3m | 0.2.3 (including) | 0.2.3 (including) |
W3m | W3m | 0.2.4 (including) | 0.2.4 (including) |
W3m | W3m | 0.2.5 (including) | 0.2.5 (including) |
W3m | W3m | 0.2.5.1 (including) | 0.2.5.1 (including) |
W3m | W3m | 0.3 (including) | 0.3 (including) |
W3m | W3m | 0.3.1 (including) | 0.3.1 (including) |
W3m | W3m | 0.3.2 (including) | 0.3.2 (including) |
W3m | W3m | 0.3.2.1 (including) | 0.3.2.1 (including) |
W3m | W3m | 0.3.2.2 (including) | 0.3.2.2 (including) |