Vulnerabilities > Lynx Project > Lynx > 2.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-07 | CVE-2021-38165 | Insufficiently Protected Credentials vulnerability in multiple products Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | 5.3 |
| 1999-11-16 | CVE-1999-1549 | Origin Validation Error vulnerability in Lynx Project Lynx 2.7/2.8 Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. | 7.8 |