CVE-2016-20036

MEDIUM

6.1

Beschreibung

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.

CVE Details

CVSS v3.1 Bewertung6.1

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht3/16/2026

Zuletzt geandert3/19/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

wowza:streaming_engine

Schwachen (CWE)

CWE-79

Referenzen

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5343.php(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/40135(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/wowza-streaming-engine-multiple-cross-site-scripting-vulnerabilities(disclosure@vulncheck.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.