3 matches found
CVE-2024-29882 SRS DOM - XSS on JSONP callback
SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...
CVE-2024-29882
CVE-2024-29882 affects SRS (simple, high-efficiency real-time video server). The vulnerability lies in the /api/v1/vhosts/vid-?callback= endpoint, where the callback name was not filtered, enabling injection of malicious JavaScript and XSS. Multiple connected sources corroborate that the issue ma...
CVE-2023-34105
SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...