[Icecast-dev] Icecast 2 affected by cross-site scripting vulnerability in status-display?

Michael Smith msmith at xiph.org
Thu Sep 2 21:07:49 PDT 2004

On Thursday 02 September 2004 18:33, Matthias Geerdsen wrote:
> Hi,
> since Icecast <=1.3.12 has been affected by a cross-site scripting
> vulnerability in the status display (s.
> <http://securitytracker.com/alerts/2004/Aug/1011046.html> and
> <http://www.debian.org/security/2004/dsa-541>) it appears to be unclear
> so far if Icecast 2.x is vulnerable too. Can anyone of you maybe confirm
> it is affected/not affected?
> Regards,
> 	Matthias

It is possible (but unlikely, I think - we've generally been careful about 
this sort of thing) that icecast 2.x is vulnerable to problems of a similar 
_type_ to this. However, 2.x cannot be vulnerable to this _specific_ problem, 
since it's a completely different codebase.


More information about the Icecast-dev mailing list