PT-2019-9674 · Netscape · Netscape Enterprise

Rafael Pedrero · Published 2019-01-31 · Updated 2019-02-01 · CVE-2018-18940

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Netscape Enterprise version 3.63

Description
The issue concerns a reflected XSS vulnerability in the servlet/SnoopServlet, which is installed by default. This allows a remote unauthenticated attacker to potentially exploit the vulnerability by supplying malicious HTML or JavaScript code to the web application via an arbitrary parameter in the query string, marked as parameter=[XSS]. The malicious code is then reflected back to the victim and executed by the web browser.

Recommendations
For Netscape Enterprise version 3.63, consider disabling the servlet/SnoopServlet as a temporary workaround until a more permanent solution can be found, noting that the product is discontinued and official support may not be available.
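The description above boils down to a request-echo ("snoop") page that copies every query-string parameter into its HTML response without encoding it. The following is an added illustration, not code from Netscape Enterprise or from the advisory author: it models that reflection pattern beside its hardened form, and includes a defender-side check that confirms whether a renderer reflects a harmless tagged marker unencoded. The table layout, the hostname and the servlet path in the usage values are assumptions made for the example.

```python
"""Reflected XSS in a request-echo page: vulnerable rendering, hardened
rendering, and a benign reflection check. Added example; the page structure
and URLs are assumed, not taken from the Netscape product."""
from html import escape
from urllib.parse import parse_qsl, quote, urlsplit


def render_snoop_unsafe(url: str) -> str:
    """Echoes every query-string parameter name and value verbatim into an
    HTML table. This is the reflection pattern the advisory reports: whatever
    arrives in the query string lands in the page unencoded."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in params)
    return f"<html><body><table>{rows}</table></body></html>"


def render_snoop_safe(url: str) -> str:
    """Same page, but each untrusted fragment is HTML-entity encoded before it
    is placed into element content, so markup in the input is shown as text
    rather than parsed by the browser."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    rows = "".join(
        f"<tr><td>{escape(k, quote=True)}</td><td>{escape(v, quote=True)}</td></tr>"
        for k, v in params
    )
    return f"<html><body><table>{rows}</table></body></html>"


def reflects_unencoded(render, url: str, marker: str = '<b id="probe">x</b>') -> bool:
    """Defender-side check: append a harmless tagged marker as a query
    parameter and see whether the renderer copies it into the page without
    encoding. True means arbitrary parameters are reflected raw, which is the
    condition described in the advisory."""
    sep = "&" if "?" in url else "?"
    html = render(f"{url}{sep}probe={quote(marker, safe='')}")
    return marker in html


if __name__ == "__main__":
    # Assumed host and path for the demonstration only.
    target = "http://host.example/servlet/SnoopServlet"
    print("unsafe reflects raw markup:", reflects_unencoded(render_snoop_unsafe, target))
    print("safe reflects raw markup:  ", reflects_unencoded(render_snoop_safe, target))
```

The check deliberately uses inert markup (a bold tag with an id) so it proves only whether encoding is applied; the hardened renderer turns the same input into `&lt;b id=&quot;probe&quot;&gt;x&lt;/b&gt;`, which the browser displays as literal text. Output encoding at the point where untrusted data enters HTML is the fix the advisory's workaround (disabling the servlet) stands in for when the code cannot be changed.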

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2018-18940

Affected Products: Netscape Enterprise