1. CVE-Search
  2. CVE-2003-0053
ID CVE-2003-0053
Summary Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 18-10-2016 - 02:28)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
atstake A032403-1
bid 6958
bugtraq 20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
confirm http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
xf quicktime-darwin-parsexml-xss(11404)
Last major update 18-10-2016 - 02:28
Published 07-03-2003 - 05:00
Last modified 18-10-2016 - 02:28
Back to Top