TROYANOSYVIRUS
Back to CVEs

CVE-2016-20036

MEDIUM
6.1

Description

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.

CVE Details

CVSS v3.1 Score6.1
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published3/16/2026
Last Modified3/19/2026
Sourcenvd
Honeypot Sightings0

Affected Products

wowza:streaming_engine

Weaknesses (CWE)

CWE-79

References

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5343.php(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/40135(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/wowza-streaming-engine-multiple-cross-site-scripting-vulnerabilities(disclosure@vulncheck.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.