CVE-2014-4166

Name of the Vulnerable Software and Affected Versions SHOUTcast DNAS version 2.2.1

Description A cross-site scripting (XSS) issue exists in the song history of SHOUTcast DNAS, allowing remote attackers to inject arbitrary web script or HTML via the mp3 title field. This could potentially lead to malicious actions on the affected system.

Recommendations For SHOUTcast DNAS version 2.2.1, consider restricting access to the song history feature until a patch is available, and avoid using the mp3 title field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.