Lucene search
MitreCVE-1999-1357HistorySep 12, 2001 - 4:00 a.m.
CVE-1999-1357
2001-09-1204:00:00
mitre
web.nvd.nist.gov
22
cve-1999-1357
netscape communicator
unix
cross-site scripting
cgi programs.
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
High
EPSS
0.007
Percentile
80.8%
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a “<” sign, and the 0x9b character to a “>” sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
Affected configurations
Node
netscapecommunicatorRange≤4.7
ORnetscapecommunicatorMatch4.04
ORnetscapecommunicatorMatch4.51
| Vendor | Product | Version | CPE |
|---|---|---|---|
| netscape | communicator | * | cpe:2.3:a:netscape:communicator:*:*:*:*:*:*:*:* |
| netscape | communicator | 4.04 | cpe:2.3:a:netscape:communicator:4.04:*:*:*:*:*:*:* |
| netscape | communicator | 4.51 | cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:* |
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
High
EPSS
0.007
Percentile
80.8%
Related for CVE-1999-1357