TROYANOSYVIRUS
Retour aux CVEs

CVE-2016-20036

MEDIUM
6.1

Description

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.

Details CVE

Score CVSS v3.16.1
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie3/16/2026
Derniere modification3/19/2026
Sourcenvd
Observations honeypot0

Produits affectes

wowza:streaming_engine

Faiblesses (CWE)

CWE-79

References

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5343.php(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/40135(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/wowza-streaming-engine-multiple-cross-site-scripting-vulnerabilities(disclosure@vulncheck.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.