PT-2024-8650 · Wowza · Wowza Streaming Engine

Ryan Emmons · Published 2024-07-30 · Updated 2024-11-22 · CVE-2024-52053

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Wowza Streaming Engine versions prior to 4.9.1

Description

The issue is related to Stored Cross-Site Scripting in the Manager component, which allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard. This can lead to the automatic hijacking of admin accounts. The vulnerability is associated with a lack of protection for the web page structure, enabling a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations

For versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manager component to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-10242
CVE-2024-52053

Affected Products

Wowza Streaming Engine