fkie_nvd - fkie_cve-2003-0053

fkie_cve-2003-0053

Vulnerability from fkie_nvd

Published

2003-03-07 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
cve@mitre.org	http://marc.info/?l=bugtraq&m=104618904330226&w=2
cve@mitre.org	http://www.iss.net/security_center/static/11404.php	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/6958
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104618904330226&w=2
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/11404.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/6958

Impacted products

	Vendor	Product	Version
	apple	darwin_streaming_server	4.1.2
	apple	quicktime_streaming_server	4.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F40D1E1-10B3-4A7C-A945-A8D74F3DCB35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "583E3DC3-86AB-4E91-B464-18FFBC436A82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en parse_xml.cgi de Apple Darwin Streaming Administration Server 4.1.2 y QuickTime Streaming Server 4.1.1 permite a atacantes remotos la inserci\u00f3n de c\u00f3digo arbitrario mediante el par\u00e1metro filename, insertado a trav\u00e9s de un mensaje de error."
    }
  ],
  "id": "CVE-2003-0053",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-07T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104618904330226\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11404.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104618904330226\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11404.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6958"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2003-0053 (GCVE-0-2003-0053)

Vulnerability from cvelistv5

Published

2004-09-01 04:00

Modified

2024-08-08 01:43