CVE-2019-19456 Information
Feb 14, 2021
cve
Description
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine = 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-19456.txt https://www.gruppotim.it/redteam https://www.wowza.com/docs/wowza-streaming-engine-4-8-0-release-notes
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: