PT-2026-25734 · Wowza · Streaming Engine
Published
2026-03-15
·
Updated
2026-03-16
·
CVE-2016-20036
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Wowza Streaming Engine version 4.5.0
Description
The software contains multiple reflected cross-site scripting issues in the enginemanager interface. Input provided through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters such as
appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.Recommendations
Ensure proper sanitization of the
appName parameter.
Ensure proper sanitization of the vhost parameter.
Ensure proper sanitization of the uiAppType parameter.
Ensure proper sanitization of the wowzaCloudDestinationType parameter.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Streaming Engine