Vulnerabilities > CVE-2004-0781 - Unspecified vulnerability in Icecast
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN icecast
nessus
Summary
Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-541.NASL description Markus Worle discovered a cross site scripting problem in status-display (list.cgi) of the icecast internal webserver, an MPEG layer III streaming server. The UserAgent variable is not properly html_escaped so that an attacker could cause the client to execute arbitrary Java script commands. last seen 2020-06-01 modified 2020-06-02 plugin id 15378 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15378 title Debian DSA-541-1 : icecast-server - missing escape NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B2CFB4001DF011D9A8590050FC56D258.NASL description Caused by improper filtering of HTML code in the status display, it is possible for a remote user to execute scripting code in the target user last seen 2020-06-01 modified 2020-06-02 plugin id 36617 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36617 title FreeBSD : icecast -- XSS Vulnerability (b2cfb400-1df0-11d9-a859-0050fc56d258) NASL family CGI abuses : XSS NASL id ICECAST_XSS.NASL description The remote server runs a version of Icecast that is as old or older than version 1.3.12. This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue is due to a failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 14390 published 2004-08-27 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14390 title Icecast list.cgi User-Agent XSS NASL family FreeBSD Local Security Checks NASL id FREEBSD_ICECAST_1312_2.NASL description The following package needs to be updated: icecast last seen 2016-09-26 modified 2004-10-18 plugin id 15501 published 2004-10-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=15501 title FreeBSD : icecast -- XSS Vulnerability (71)