Netscape : Security Vulnerabilities, CVEs, CVSS score between 6 and 6.99
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.
Max CVSS
6.1
EPSS Score
0.30%
Published
2019-01-31
Updated
2019-02-01
Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.
Max CVSS
6.4
EPSS Score
0.40%
Published
2002-12-31
Updated
2017-07-29
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
Max CVSS
6.4
EPSS Score
0.24%
Published
2000-03-11
Updated
2008-09-10
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
Max CVSS
6.4
EPSS Score
0.06%
Published
1999-03-18
Updated
2022-08-17
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Max CVSS
6.4
EPSS Score
3.91%
Published
1997-02-01
Updated
2022-08-17
5 vulnerabilities found