Vulnerability Details CVE-1999-1357
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.5%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-1999-1357
-
cpe:2.3:a:netscape:communicator:-
-
cpe:2.3:a:netscape:communicator:2.0
-
cpe:2.3:a:netscape:communicator:3.0
-
cpe:2.3:a:netscape:communicator:4.0
-
cpe:2.3:a:netscape:communicator:4.01
-
cpe:2.3:a:netscape:communicator:4.04
-
cpe:2.3:a:netscape:communicator:4.05
-
cpe:2.3:a:netscape:communicator:4.06
-
cpe:2.3:a:netscape:communicator:4.07
-
cpe:2.3:a:netscape:communicator:4.4
-
cpe:2.3:a:netscape:communicator:4.5
-
cpe:2.3:a:netscape:communicator:4.51
-
cpe:2.3:a:netscape:communicator:4.5_beta
-
cpe:2.3:a:netscape:communicator:4.6
-
cpe:2.3:a:netscape:communicator:4.7