Nullsoft: >> Shoutcast Server >> 1.9.7 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
CVSS Score
4.3
EPSS Score
0.041
Published
2007-03-02
Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.
CVSS Score
7.2
EPSS Score
0.0
Published
1999-08-20