Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-05	CVE-2021-35491	Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. network wowza CWE-352	5.8
2021-10-05	CVE-2021-35492	Allocation of Resources Without Limits or Throttling vulnerability in Wowza Streaming Engine Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. network low complexity wowza CWE-770	4.0
2020-08-03	CVE-2019-19453	Cross-site Scripting vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). network low complexity wowza CWE-79	5.4
2020-05-18	CVE-2019-19456	Cross-site Scripting vulnerability in Wowza Streaming Engine A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. network wowza CWE-79	4.3
2020-05-18	CVE-2019-19454	Unspecified vulnerability in Wowza Streaming Engine An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. network low complexity wowza	5.0
2020-01-29	CVE-2019-7655	Cross-site Scripting vulnerability in Wowza Streaming Engine Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. network low complexity wowza CWE-79	5.4
2020-01-29	CVE-2019-7654	Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. network low complexity wowza CWE-352	6.5
2018-03-05	CVE-2017-16922	Path Traversal vulnerability in Wowza Streaming Engine In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request. network low complexity wowza CWE-22	5.0
2018-03-01	CVE-2018-7049	Cross-site Scripting vulnerability in Wowza Streaming Engine An issue was discovered in Wowza Streaming Engine before 4.7.1. network wowza CWE-79	4.3
2018-03-01	CVE-2018-7048	Resource Exhaustion vulnerability in Wowza Streaming Engine An issue was discovered in Wowza Streaming Engine before 4.7.1. network low complexity wowza CWE-400	5.0