CVE-2006-3007

Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.

Published: Jun 13, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3007
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
nullsoft / shoutcast_server	1.8.9	1.8.9.x
nullsoft / shoutcast_server	1.9.4	1.9.4.x
nullsoft / shoutcast_server	1.9.5	1.9.5.x
nullsoft / shoutcast_server	1.8.3	1.8.3.x
nullsoft / shoutcast_server	1.7.1	1.7.1.x
nullsoft / shoutcast_server	1.9.2	1.9.2.x

http://marc.info/?l=bugtraq&m=114980135615062&w=2
http://secunia.com/advisories/20524
http://secunia.com/advisories/21005
http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml
http://www.securityfocus.com/bid/18376
http://www.vupen.com/english/advisories/2006/2254
https://exchange.xforce.ibmcloud.com/vulnerabilities/27129

Vulnerability Database

289,871

CVE-2006-3007