Vulnerabilities > CVE-2004-0781 - Unspecified vulnerability in Icecast

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
icecast
nessus

Summary

Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-541.NASL
    descriptionMarkus Worle discovered a cross site scripting problem in status-display (list.cgi) of the icecast internal webserver, an MPEG layer III streaming server. The UserAgent variable is not properly html_escaped so that an attacker could cause the client to execute arbitrary Java script commands.
    last seen2020-06-01
    modified2020-06-02
    plugin id15378
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15378
    titleDebian DSA-541-1 : icecast-server - missing escape
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B2CFB4001DF011D9A8590050FC56D258.NASL
    descriptionCaused by improper filtering of HTML code in the status display, it is possible for a remote user to execute scripting code in the target user
    last seen2020-06-01
    modified2020-06-02
    plugin id36617
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36617
    titleFreeBSD : icecast -- XSS Vulnerability (b2cfb400-1df0-11d9-a859-0050fc56d258)
  • NASL familyCGI abuses : XSS
    NASL idICECAST_XSS.NASL
    descriptionThe remote server runs a version of Icecast that is as old or older than version 1.3.12. This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue is due to a failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
    last seen2020-06-01
    modified2020-06-02
    plugin id14390
    published2004-08-27
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14390
    titleIcecast list.cgi User-Agent XSS
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_ICECAST_1312_2.NASL
    descriptionThe following package needs to be updated: icecast
    last seen2016-09-26
    modified2004-10-18
    plugin id15501
    published2004-10-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=15501
    titleFreeBSD : icecast -- XSS Vulnerability (71)