Vulnerabilities > Wowza > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-05 | CVE-2021-35492 | Allocation of Resources Without Limits or Throttling vulnerability in Wowza Streaming Engine Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. | 6.5 |
| 2021-04-23 | CVE-2021-31539 | Cleartext Storage of Sensitive Information vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. | 5.5 |
| 2020-08-03 | CVE-2019-19453 | Cross-site Scripting vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). | 5.4 |
| 2020-05-18 | CVE-2019-19456 | Cross-site Scripting vulnerability in Wowza Streaming Engine A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. | 6.1 |
| 2020-01-29 | CVE-2019-7655 | Cross-site Scripting vulnerability in Wowza Streaming Engine Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. | 5.4 |
| 2020-01-29 | CVE-2019-7654 | Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. | 6.5 |
| 2018-03-05 | CVE-2017-16922 | Path Traversal vulnerability in Wowza Streaming Engine In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request. | 5.3 |
| 2018-03-01 | CVE-2018-7049 | Cross-site Scripting vulnerability in Wowza Streaming Engine An issue was discovered in Wowza Streaming Engine before 4.7.1. | 6.1 |