CVE-2003-0053

medium

Description

Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.

References

http://www.securityfocus.com/bid/6958

http://www.iss.net/security_center/static/11404.php

http://marc.info/?l=bugtraq&m=104618904330226&w=2

http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt

Details

Source: Mitre, NVD

Published: 2003-03-07

Updated: 2016-10-18

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium