CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23854 – WordPress Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23854
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YesStreaming.com Shoutcast and Icecast Internet Radio Hosting Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com allows Stored XSS.This issue affects Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com: from n/a through 3.3. The Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, ... • https://patchstack.com/database/wordpress/plugin/shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com/vulnerability/wordpress-shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com-plugin-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9091 – Gentoo Linux Security Advisory 201412-38
https://notcve.org/view.php?id=CVE-2014-9091
10 Dec 2014 — Icecast before 2.4.0 does not change the supplementary group privileges when
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2014-9018 – Mandriva Linux Security Advisory 2014-231
https://notcve.org/view.php?id=CVE-2014-9018
27 Nov 2014 — Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. Icecast anterior a 2.4.1 transmite las salidas de las secuencias de comandos 'on-connect', lo que podría permitir a atacantes remotos obtener información sensible, relacionado con descriptores de ficheros compartidos. Icecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensiti... • http://icecast.org/news/icecast-release-2_4_1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 3CVE-2005-0837
https://notcve.org/view.php?id=CVE-2005-0837
22 Mar 2005 — IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). • http://secunia.com/advisories/14644 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 4CVE-2005-0838 – Icecast 2.x - XSL Parser Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0838
22 Mar 2005 — Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag. • https://www.exploit-db.com/exploits/25238 •
CVSS: 9.8EPSS: 79%CPEs: 2EXPL: 11CVE-2004-1561 – Icecast 2.0.1 (Win32) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2004-1561
31 Dec 2004 — Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers. • https://www.exploit-db.com/exploits/568 •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2004-0781
https://notcve.org/view.php?id=CVE-2004-0781
14 Sep 2004 — Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en list.cgi en el servidor web interno de Icecast (icecast-server) 1.3.12 y anteriores permite a atacantes remotos inyectar script web de su elección mediante el parámetro UserAgent. • http://www.debian.org/security/2004/dsa-541 •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2004-2027
https://notcve.org/view.php?id=CVE-2004-2027
10 May 2004 — Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read. • http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0378.html •
CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 2CVE-2002-1982 – icecast server 1.3.12 - Directory Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2002-1982
31 Dec 2002 — Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not. • https://www.exploit-db.com/exploits/21602 •
CVSS: 9.8EPSS: 22%CPEs: 4EXPL: 1CVE-2002-0177 – Icecast 1.x - AVLLib Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0177
18 Apr 2002 — Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client. Desbordamientos de buffer en icecast 1.3.11 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante una petición HTTP GET larga de un cliente MP3. • https://www.exploit-db.com/exploits/21363 •