342 matches found
PT-2025-5143 · Yesstreaming.Com · Shoutcast Icecast Html5 Radio Player
Name of the Vulnerable Software and Affected Versions: Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com versions n/a through 3.3. Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This...
CVE-2024-8666
The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-8666 Shoutcast Icecast HTML5 Radio Player <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress Shoutcast Icecast HTML5 Radio Player plugin <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Shoutcast Icecast HTML5 Radio Player (versions <= 2.1.6)...
WordPress Shoutcast Icecast HTML5 Radio Player Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Shoutcast Icecast HTML5 Radio Player; Type: Plugin; Vulnerable versions: <= 2.1.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8666; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 3e71cc774a45; Credits...
OPENSUSE-SU-2024:10584-1 icecast-2.4.4-2.1 on GA media
These are all security issues fixed in the icecast-2.4.4-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10067-1 icecast-2.4.2-1.7 on GA media
These are all security issues fixed in the icecast-2.4.2-1.7 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2005-0837
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot)...
SUSE CVE-2011-4612
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL...
SUSE CVE-2014-9018
Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors...
SUSE CVE-2014-9091
Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors...
SUSE CVE-2015-3026
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."...
SUSE CVE-2018-18820
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution...
SUSE CVE-2022-41952
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to...
Matrix synapse resource management error vulnerability
synapse is an open source application developed by Matrix. Used for open federated instant messaging and VoIP. A resource management error vulnerability exists in Matrix synapse versions prior to 1.53.0, which stems from Synapse generating URL previews of media streams without limiting the...
CVE-2022-41952
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to...
Design/Logic Flaw
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to...
CVE-2022-41952
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to...
CVE-2022-41952 Uncontrolled Resource Consumption in Matrix Synapse
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to...
CVE-2022-41952 Uncontrolled Resource Consumption in Matrix Synapse
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to...