2 matches found
CVE-2023-34105
SRS (Simple Real-time Server) api-server is vulnerable to drive-by command injection on POST /api/v1/snapshots in versions prior to 5.0.157, 5.0-b1, and 6.0.48, potentially leading to Remote Code Execution (RCE). Connected advisories confirm a fix in 5.0.157, 5.0-b1, and 6.0.48. Mitigate by updat...
CVE-2024-29882
CVE-2024-29882 affects SRS (simple, high-efficiency real-time video server). The vulnerability lies in the /api/v1/vhosts/vid-?callback= endpoint, where the callback name was not filtered, enabling injection of malicious JavaScript and XSS. Multiple connected sources corroborate that the issue ma...