First published: Thu Jan 31 2019(Updated: )
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netscape Enterprise Server | =3.63 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.