Detections
Analytics

SHOUTcast Server Log Files XSS (deprecated)

medium Nessus Network Monitor Plugin ID 1527

Synopsis

The remote host is running a vulnerable version of SHOUTcast server.

Description

The remote host is running a SHOUTcast server. This software does not properly validate the data provided by web clients, and is therefore vulnerable to a cross-site scripting issue in its logs interface (which can only be used by the administrator). An attacker may use this flaw to steal the cookies of the administrator and gain access to this server.

Solution

None solution known at this time.

See Also

http://www.securiteam.com/securitynews/5WP010U9FY.html

http://www.securitytracker.com/alerts/2003/Mar/1006203.html

Plugin Details

Severity: Medium

ID: 1527

Family: Web Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 11624

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C