Vulnerability Description
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Darwin Streaming Server | 4.1.2 |
| Apple | Quicktime Streaming Server | 4.1.1 |
References
- http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225mac
- http://marc.info/?l=bugtraq&m=104618904330226&w=2
- http://www.iss.net/security_center/static/11404.phpVendor Advisory
- http://www.securityfocus.com/bid/6958
- http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225mac
- http://marc.info/?l=bugtraq&m=104618904330226&w=2
- http://www.iss.net/security_center/static/11404.phpVendor Advisory
- http://www.securityfocus.com/bid/6958
FAQ
What is CVE-2003-0053?
CVE-2003-0053 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script ...
How severe is CVE-2003-0053?
CVE-2003-0053 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0053?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Darwin Streaming Server, Apple Quicktime Streaming Server.