Web application abuses : ICECast XSS

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.14390

Categoría: Web application abuses

Título: ICECast XSS

Resumen: The remote server runs a version of ICECast which is as old as or older than;version 1.3.12.;;This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue;is due to a failure of the application to properly sanitize user-supplied input.;;As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing;script code that will be executed in the browser of an unsuspecting user when followed.;;This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Descripción: Summary:
The remote server runs a version of ICECast which is as old as or older than
version 1.3.12.

This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue
is due to a failure of the application to properly sanitize user-supplied input.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing
script code that will be executed in the browser of an unsuspecting user when followed.

This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Solution:
Upgrade to version 1.3.12 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0781
BugTraq ID: 11021
http://www.securityfocus.com/bid/11021
Debian Security Information: DSA-541 (Google Search)
http://www.debian.org/security/2004/dsa-541
XForce ISS Database: icecast-list-useragent-xss(17086)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17086

Copyright Copyright (C) 2004 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.14390
Categoría:	Web application abuses
Título:	ICECast XSS
Resumen:	The remote server runs a version of ICECast which is as old as or older than;version 1.3.12.;;This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue;is due to a failure of the application to properly sanitize user-supplied input.;;As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing;script code that will be executed in the browser of an unsuspecting user when followed.;;This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Descripción:	Summary: The remote server runs a version of ICECast which is as old as or older than version 1.3.12. This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue is due to a failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. Solution: Upgrade to version 1.3.12 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0781 BugTraq ID: 11021 http://www.securityfocus.com/bid/11021 Debian Security Information: DSA-541 (Google Search) http://www.debian.org/security/2004/dsa-541 XForce ISS Database: icecast-list-useragent-xss(17086) https://exchange.xforce.ibmcloud.com/vulnerabilities/17086
Copyright	Copyright (C) 2004 David Maciejak