CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18940

servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 73.8%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/150262/Netscape-Enterprise-3.63-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2018/Nov/31
http://packetstormsecurity.com/files/150262/Netscape-Enterprise-3.63-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2018/Nov/31

Products affected by CVE-2018-18940

Netscape » Enterprise Server » Version: 3.63

cpe:2.3:a:netscape:enterprise_server:3.63

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18940

Products

Pricing

Contact Us