HackDig : Dig high-quality web security articles for hackers

Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities

2016-07-19 21:30
Title: Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities
Advisory ID: ZSL-2016-5343
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 19.07.2016
Summary
Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device.
Description
Wowza Streaming Engine suffers from multiple reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Vendor
Wowza Media Systems, LLC. - https://www.wowza.com
Affected Version
4.5.0 (build 18676)
Tested On
Winstone Servlet Engine v1.0.5
Servlet/2.5 (Winstone/1.0.5)
Vendor Status
[03.07.2016] Vulnerability discovered.
[09.07.2016] Contact with the vendor.
[18.07.2016] No response from the vendor.
[19.07.2016] Public security advisory released.
PoC
wowza_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
N/A
Changelog
[19.07.2016] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5343.php
