SHOUTcast Server Admin Log File XSS

medium Nessus Plugin ID 11624

Synopsis

The remote streaming audio server is affected by a cross-site scripting vulnerability.

Description

According to its banner, the version of SHOUTcast Server installed on the remote host is earlier than 1.9.5. Such versions do not properly validate user-supplied input before storing it in the server's log file. An attacker may use this flaw to perform a cross-site scripting attack against administrators of the remote service and steal their cookies.

Solution

Upgrade to SHOUTcast 1.9.5 or later.

See Also

http://www.securiteam.com/securitynews/5WP010U9FY.html

Plugin Details

Severity: Medium

ID: 11624

File Name: shoutcast_log_xss.nasl

Version: 1.19

Type: remote

Published: 5/12/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:nullsoft:shoutcast_server

Excluded KB Items: Settings/disable_cgi_scanning

Reference Information

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990