XSS Vulnerability in Wowza Streaming Engine's HTTP Providers

XSS Vulnerability in Wowza Streaming Engine's HTTP Providers

CVE-2018-7049 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.

Learn more about our Web Application Penetration Testing UK.