Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apple Quicktime/Darwin流服务器parse_xml.cgi跨站脚本执行漏洞
Vulnerability Description
Apple Darwin和QuickTime流管理服务器是基于WEB的服务,允许管理员管理Darwin和QuickTime流服务器,默认情况下,这些服务以ROOT权限监听1220/TCP端口。 Darwin/QuickTime流服务器的parse_xml.cgi对不存在文件名参数过滤不充分,远程攻击者可以利用这个漏洞进行跨站脚本执行攻击,可能获得目标用户敏感信息。 攻击者如果传递不存在的文件名参数提交给parse_xml.cgi脚本,可导致脚本产生错误消息并记录,如果攻击者提供的参数包含恶意脚本代码,当管
CVSS Information
N/A
Vulnerability Type
N/A