Streaming Engine Security Vulnerabilities and Issues — Streaming Engine CVE List

Lucene search

WowzaStreaming Engine

5 matches found

CVE•added 2020/05/18 5:15 p.m.•89 views

CVE-2019-19456

A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine

6.1CVSS5.9AI score0.00264EPSS

CVE•added 2021/10/05 4:15 p.m.•48 views

CVE-2021-35492

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this v...

6.5CVSS6.4AI score0.12981EPSS

CVE•added 2024/11/21 11:15 p.m.•41 views

CVE-2024-52056

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file.

6.9CVSS6.5AI score0.00237EPSS

CVE•added 2020/01/29 4:15 p.m.•40 views

CVE-2019-7654

Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue...

6.5CVSS6.5AI score0.00923EPSS

CVE•added 2018/03/01 9:29 p.m.•38 views

CVE-2018-7049

An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.

6.1CVSS6.1AI score0.00301EPSS