Cross-Site Scripting Vulnerability in Apple Darwin Streaming Administration Server and QuickTime Streaming Server
CVE-2003-0053

Currently unrated

Key Information:

Vendor: Apple
Status: Quicktime Streaming Server; Darwin Streaming Server
Vendor: CVE Published:; 7 March 2003

Summary

A cross-site scripting (XSS) vulnerability exists in the parse_xml.cgi component of the Apple Darwin Streaming Administration Server and QuickTime Streaming Server. This issue allows remote attackers to inject arbitrary scripts via the filename parameter in the web interface, which gets displayed in an error message. Exploiting this vulnerability can lead to unauthorized access to user data or manipulation of web content when exploited in a targeted attack.

References

http://lists.apple.com/archives/security-announce/2003/Fe...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/6958

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/11404.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 7, 2003
Vulnerability Reserved
Jan 28, 2003