Markus Wörle discovered a cross site scripting problem in status-display (list.cgi) of the icecast internal webserver, an MPEG layer III streaming server. The UserAgent variable is not properly html_escaped so that an attacker could cause the client to execute arbitrary Java script commands. For the stable distribution (woody) this problem has been fixed in version 1.3.11-4.2. For the unstable distribution (sid) this problem has been fixed in version 1.3.12-8. We recommend that you upgrade your icecast-server package.
Markus Wörle discovered a cross site scripting problem in status-display (list.cgi) of the icecast internal webserver, an MPEG layer III streaming server. The UserAgent variable is not properly html_escaped so that an attacker could cause the client to execute arbitrary Java script commands.
For the stable distribution (woody) this problem has been fixed in version 1.3.11-4.2.
For the unstable distribution (sid) this problem has been fixed in version 1.3.12-8.
We recommend that you upgrade your icecast-server package.
MD5 checksums of the listed files are available in the original advisory.