fkie_nvd - fkie_cve-2004-0781

fkie_cve-2004-0781

Vulnerability from fkie_nvd

Published

2004-10-20 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.

References

URL	Tags
cve@mitre.org	http://www.debian.org/security/2004/dsa-541	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/11021	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17086
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-541	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11021	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17086

Impacted products

Vendor	Product	Version
icecast	icecast	1.3.0
icecast	icecast	1.3.5
icecast	icecast	1.3.5.1
icecast	icecast	1.3.7
icecast	icecast	1.3.7.1
icecast	icecast	1.3.8
icecast	icecast	1.3.9
icecast	icecast	1.3.9.1
icecast	icecast	1.3.9.2
icecast	icecast	1.3.10
icecast	icecast	1.3.10.1
icecast	icecast	1.3.11
icecast	icecast	1.3.12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32DB53A-7E27-4856-A4D7-909CF121F332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05505BF-6437-421A-90B3-9766E707ADDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5E2224-2844-420F-A51E-DED27A50A93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C35E7B3-C898-4127-9188-65E691148EEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD812E67-7373-474C-8A05-1827C19BD6F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE04F78D-A908-4F5E-A9AE-4B9996B304B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3DCBD8-26FB-4098-8EFE-8C8C025E3B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30157ED-6C29-42D0-8F4B-D5498A5BFF50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2ABBD7E-50EB-4CFD-BA92-4C7172E82C50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "85B1944C-E99D-4FF2-AE5B-2887F9BE1E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17888040-F0ED-491C-98D7-3BA0F7318D20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86170BC-3616-4B26-832B-6F6C41D02081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icecast:icecast:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB7336AF-1276-41F6-8BC9-68B2110A92A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en list.cgi en el servidor web interno de Icecast (icecast-server) 1.3.12 y anteriores permite a atacantes remotos inyectar script web de su elecci\u00f3n mediante el par\u00e1metro UserAgent."
    }
  ],
  "id": "CVE-2004-0781",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-541"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11021"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17086"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2004-0781 (GCVE-0-2004-0781)

Vulnerability from cvelistv5

Published

2004-09-14 04:00