National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:netscape:enterprise_server:3.63
There are 1 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-18940

servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.

Published: January 31, 2019; 02:29:00 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM