Cross-Site Scripting Vulnerabilities in SHOUTcast by Nullsoft
CVE-2006-3007

Currently unrated

Key Information:

Vendor: Nullsoft
Status: Shoutcast Server
Vendor: CVE Published:; 13 June 2006

What is CVE-2006-3007?

Multiple cross-site scripting (XSS) vulnerabilities have been identified in SHOUTcast version 1.9.5, allowing attackers to inject arbitrary HTML or script content. This can be exploited through DJ fields such as Description, URL, Genre, AIM, and ICQ, potentially compromising user data and affecting the overall security of the web application.

References

http://www.vupen.com/english/advisories/2006/2254

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/20524

third-party-advisoryx_refsource_SECUNIA

http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml

vendor-advisoryx_refsource_GENTOO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2006
Vulnerability Reserved
Jun 12, 2006