CVE-2016-20036

MEDIUM

6.1

Descricao

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.

Detalhes CVE

Pontuacao CVSS v3.16.1

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado3/16/2026

Ultima modificacao3/19/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

wowza:streaming_engine

Fraquezas (CWE)

CWE-79

Referencias

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5343.php(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/40135(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/wowza-streaming-engine-multiple-cross-site-scripting-vulnerabilities(disclosure@vulncheck.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.