CVE-2004-0781 - Cross-Site Scripting vulnerability in Icecast Server Status Display
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |

Summary
Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 13 |
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-541.NASL
description: Markus Worle discovered a cross site scripting problem in status-display (list.cgi) of the icecast internal webserver, an MPEG layer III streaming server. The UserAgent variable is not properly html_escaped so that an attacker could cause the client to execute arbitrary Java script commands.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15378
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15378
title: Debian DSA-541-1 : icecast-server - missing escape

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_B2CFB4001DF011D9A8590050FC56D258.NASL
description: Caused by improper filtering of HTML code in the status display, it is possible for a remote user to execute scripting code in the target user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36617
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/36617
title: FreeBSD : icecast -- XSS Vulnerability (b2cfb400-1df0-11d9-a859-0050fc56d258)

NASL family: CGI abuses : XSS
NASL id: ICECAST_XSS.NASL
description: The remote server runs a version of Icecast that is as old or older than version 1.3.12. This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue is due to a failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14390
published: 2004-08-27
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14390
title: Icecast list.cgi User-Agent XSS

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_ICECAST_1312_2.NASL
description: The following package needs to be updated: icecast
last seen: 2016-09-26
modified: 2004-10-18
plugin id: 15501
published: 2004-10-18
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=15501
title: FreeBSD : icecast -- XSS Vulnerability (71)