CVE-2019-19453

Name of the Vulnerable Software and Affected Versions Wowza Streaming Engine versions prior to 4.8.5

Description The issue allows an authenticated user with access to proxy license editing to insert a malicious payload that will be triggered in the main page of server settings. This is a case of XSS. The issue was resolved in Wowza Streaming Engine 4.8.5.

Recommendations For versions prior to 4.8.5, update to Wowza Streaming Engine 4.8.5 to resolve the issue. As a temporary workaround, consider restricting access to the proxy license editing feature to minimize the risk of exploitation.