[Icecast-dev] Icecast 2 affected by cross-site scripting
vulnerability in status-display?
Michael Smith
msmith at xiph.org
Thu Sep 2 21:07:49 PDT 2004
On Thursday 02 September 2004 18:33, Matthias Geerdsen wrote:
> Hi,
>
> since Icecast <=1.3.12 has been affected by a cross-site scripting
> vulnerability in the status display (s.
> <http://securitytracker.com/alerts/2004/Aug/1011046.html> and
> <http://www.debian.org/security/2004/dsa-541>) it appears to be unclear
> so far if Icecast 2.x is vulnerable too. Can anyone of you maybe confirm
> it is affected/not affected?
>
> Regards,
> Matthias
It is possible (but unlikely, I think - we've generally been careful about
this sort of thing) that icecast 2.x is vulnerable to problems of a similar
_type_ to this. However, 2.x cannot be vulnerable to this _specific_ problem,
since it's a completely different codebase.
Mike
More information about the Icecast-dev
mailing list