Vulnerabilities > Kaltura

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-09	CVE-2022-4882	Cross-site Scripting vulnerability in Kaltura Mwembed A vulnerability was found in kaltura mwEmbed up to 2.91. network high complexity kaltura CWE-79	4.7
2023-01-04	CVE-2022-4876	Cross-site Scripting vulnerability in Kaltura Mwembed A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. network low complexity kaltura CWE-79	6.1
2017-09-19	CVE-2017-14143	Use of Hard-coded Credentials vulnerability in Kaltura Server The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. network low complexity kaltura CWE-798 critical	9.8
2017-09-19	CVE-2017-14142	Cross-site Scripting vulnerability in Kaltura Server Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php. network low complexity kaltura CWE-79	6.1
2017-09-19	CVE-2017-14141	Deserialization of Untrusted Data vulnerability in Kaltura Server The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. network low complexity kaltura CWE-502	7.2
2017-03-02	CVE-2017-6392	Cross-site Scripting vulnerability in Kaltura Server An issue was discovered in Kaltura server Lynx-12.11.0. network low complexity kaltura CWE-79	6.1
2017-03-02	CVE-2017-6391	Cross-site Scripting vulnerability in Kaltura Server An issue was discovered in Kaltura server Lynx-12.11.0. network low complexity kaltura CWE-79	6.1

Vulnerabilities > Kaltura {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Kaltura"}]}

Vulnerabilities > Kaltura