CVE-1999-1549

HIGH

Lynx - Origin Validation Error

Title source: rule

Description

Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.

References (2)

[Exploit, Mailing List] http://marc.info/?l=bugtraq&m=94286509804526&w=2

[Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/804

Scores

CVSS v3 7.8

EPSS 0.0021

EPSS Percentile 43.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-346

Status draft

Affected Products (2)

lynx_project/lynx

Timeline

Published Nov 16, 1999

Tracked Since Feb 18, 2026