- Description
- Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F40D1E1-10B3-4A7C-A945-A8D74F3DCB35"
},
{
"criteria": "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "583E3DC3-86AB-4E91-B464-18FFBC436A82"
}
],
"operator": "OR"
}
]
}
]