Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local malicious user to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lynx project lynx 2.8 |
||
lynx project lynx 2.7 |