Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5.
References
Link | Resource |
---|---|
https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-19453.txt | Third Party Advisory |
https://www.gruppotim.it/redteam | Third Party Advisory |
https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes | Release Notes Vendor Advisory |
Configurations
History
10 Feb 2023, 18:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes - Release Notes, Vendor Advisory | |
References | (MISC) https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-19453.txt - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
Information
Published : 2020-08-03 14:15
Updated : 2023-12-10 13:27
NVD link : CVE-2019-19453
Mitre link : CVE-2019-19453
CVE.ORG link : CVE-2019-19453
JSON object : View
Products Affected
wowza
- streaming_engine
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')