Cross-site Scripting Vulnerability in YesStreaming.com Shoutcast and Icecast HTML5 Web Radio Player
CVE-2025-23854

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Shoutcast And Icecast Html5 Web Radio Player By Yesstreaming.com
Vendor: CVE Published:; 16 January 2025

What is CVE-2025-23854?

The Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com contains a Stored Cross-site Scripting (XSS) vulnerability. This flaw occurs due to improper neutralization of user-supplied input during web page generation. Attackers can exploit this vulnerability to inject malicious scripts, which are stored on the server and executed in the context of other users’ browsers. This can result in unauthorized actions being taken on behalf of the user, leading to potential data theft or account compromise.

Affected Version(s)

Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com <= 3.3

References

https://patchstack.com/database/wordpress/plugin/shoutcas...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

SOPROBRO (Patchstack Alliance)