• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

Apple QuickTime/Darwin Streaming Server Parse_XML.CGI Cross-Site Scripting Vulnerability

The Apple QuickTime/Darwin Streaming Server is prone to cross-site scripting attacks. When an invalid filename is specified from this page, it is output to an error page without sufficient sanitization of HTML and script code. This may permit cross-site scripting attacks to occur if an attacker constructs a malicious link to the page and can entice web users to visit it.