Vulnerabilities > Wowza

DATE CVE VULNERABILITY TITLE RISK
2020-01-29 CVE-2019-7655 Cross-site Scripting vulnerability in Wowza Streaming Engine
Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form.
network
low complexity
wowza CWE-79
5.4
2020-01-29 CVE-2019-7654 Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities.
network
low complexity
wowza CWE-352
6.5
2019-03-21 CVE-2018-19365 Path Traversal vulnerability in Wowza Streaming Engine 4.7.4.0.1
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
network
low complexity
wowza CWE-22
critical
9.1
2018-03-05 CVE-2017-16922 Path Traversal vulnerability in Wowza Streaming Engine
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
network
low complexity
wowza CWE-22
5.3
2018-03-01 CVE-2018-7049 Cross-site Scripting vulnerability in Wowza Streaming Engine
An issue was discovered in Wowza Streaming Engine before 4.7.1.
network
low complexity
wowza CWE-79
6.1
2018-03-01 CVE-2018-7048 Resource Exhaustion vulnerability in Wowza Streaming Engine
An issue was discovered in Wowza Streaming Engine before 4.7.1.
network
low complexity
wowza CWE-400
7.5
2018-03-01 CVE-2018-7047 Use of Hard-coded Credentials vulnerability in Wowza Streaming Engine
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1.
network
low complexity
wowza CWE-798
critical
9.8