Netscape : Security Vulnerabilities, CVEs, (XSS)
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.
Max CVSS
6.1
EPSS Score
0.30%
Published
2019-01-31
Updated
2019-02-01
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
Max CVSS
7.5
EPSS Score
0.73%
Published
1999-10-05
Updated
2016-10-18
2 vulnerabilities found