Kaltura Server Security Vulnerabilities and Issues — Kaltura Server CVE List

Lucene search

KalturaKaltura Server

3 matches found

CVE•added 2017/09/19 3:29 p.m.•60 views

CVE-2017-14143

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone ...

9.8CVSS8.5AI score0.77447EPSS

CVE•added 2017/09/19 3:29 p.m.•51 views

CVE-2017-14141

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.

7.2CVSS7.3AI score0.02194EPSS

CVE•added 2017/09/19 3:29 p.m.•51 views

CVE-2017-14142

Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) e...

6.1CVSS6AI score0.00477EPSS