Summary
The remote server runs Icecast version 1.3.12 or older.
This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue is due to a failure of the application to properly sanitize user-supplied input.
As a result of this vulnerability, a remote attacker can create a malicious link containing script code that is executed in the browser of an unsuspecting user who follows the link.
This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Solution
Upgrade to a newer version.
Severity
Classification
- CVE: CVE-2004-0781
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability