Description
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
Affected products
- netscape / communicator4.7
- netscape / communicator4.04 – 4.04
- netscape / communicator4.51 – 4.51
References
- MAILING_LISThttp://marc.info/?l=bugtraq&m=93915331626185&w=2