CVE-1999-1357

Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.

Published: Oct 5, 1999
Updated: Apr 13, 2023
CVE: CVE-1999-1357
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
netscape / communicator	4.04	4.04.x
netscape / communicator	4.51	4.51.x
netscape / communicator	-	4.7.x

http://marc.info/?l=bugtraq&m=93915331626185&w=2

Vulnerability Database

289,697

CVE-1999-1357