SHOUTcast Server Admin Log File XSS

This script is Copyright (C) 2003-2012 Tenable Network Security, Inc.


Synopsis :

The remote streaming audio server is affected by a cross-site scripting
vulnerability.

Description :

According to its banner, the version of SHOUTcast Server installed on
the remote host is earlier than 1.9.5. Such versions do not properly
validate user input before storing it in the log file. An attacker may
use this flaw to perform a cross-site scripting attack against the
administrators of the remote service and steal the administrators'
cookies.
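
The flaw described above is unvalidated input being stored in the log and later reaching an administrator's browser. The Python sketch below is an added example, not SHOUTcast or Nessus code; the log format, sample lines and function names are assumptions constructed for illustration. It contrasts placing stored log text into an HTML page as-is with encoding it first, and adds a check for stored entries that already carry markup.

```python
import html
import re

# Constructed log lines (format is an assumption, not SHOUTcast's own).
SAMPLE_LOG = [
    "2003-05-12 10:15:02 192.0.2.10 GET /listen.pls agent=WinampMPEG/2.9",
    "2003-05-12 10:15:09 192.0.2.44 GET /x agent=<script>alert(1)</script>",
    "2003-05-12 10:16:30 192.0.2.10 disconnect bytes=48213",
]

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript:", re.IGNORECASE)


def sanitize_for_log(value):
    """Write-time step: make control characters visible so a request
    cannot inject line breaks and forge extra log entries."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def render_log_unsafe(lines):
    """The flawed pattern: raw log text placed straight into HTML."""
    return "<pre>\n" + "\n".join(lines) + "\n</pre>"


def render_log_safe(lines):
    """Render-time fix: HTML-encode every entry before output."""
    return "<pre>\n" + "\n".join(html.escape(l, quote=True) for l in lines) + "\n</pre>"


def flag_markup(lines):
    """Return indexes of stored entries that carry HTML-like content."""
    return [i for i, line in enumerate(lines) if _MARKUP.search(line)]


if __name__ == "__main__":
    print(render_log_safe(SAMPLE_LOG))
    print("entries to review:", flag_markup(SAMPLE_LOG))
```

Encoding at render time is the step that stops the browser from interpreting stored text; the write-time step only keeps entries on one line.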

See also :

http://www.securiteam.com/securitynews/5WP010U9FY.html

Solution :

Upgrade to SHOUTcast 1.9.5 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 11624

Bugtraq ID:

CVE ID: