CVE-2016-20036

Medium CVSS: 5.1

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.

Vendor

Wowza

Product

Streaming Engine

CWE

CWE-79

Yayın Tarihi

2026-03-16 14:17:50

Güncelleme

2026-03-19 14:17:47

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Streaming Engine MEDIUM Wowza 2026

Referanslar

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5343.php https://www.exploit-db.com/exploits/40135 https://www.vulncheck.com/advisories/wowza-streaming-engine-multiple-cross-site-scripting-vulnerabilities

Benzer Kayıtlar

High

CVE-2016-20033

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to esca…

High

CVE-2016-20034

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to…

Medium

CVE-2016-20035

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform admini…